Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-1569

The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.

Published

2014-12-15T18:59:00.067

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	network_security_services	≤ 3.16.2.3	Yes
Application	mozilla	network_security_services	3.16.2.0	Yes
Application	mozilla	network_security_services	3.16.2.1	Yes
Application	mozilla	network_security_services	3.16.2.2	Yes
Application	mozilla	network_security_services	3.17.0	Yes
Application	mozilla	network_security_services	3.17.1	Yes
Application	mozilla	network_security_services	3.17.2	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html ([email protected])
http://www.debian.org/security/2015/dsa-3186 ([email protected])
http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf Exploit ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html ([email protected])
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html ([email protected])
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html ([email protected])
http://www.securitytracker.com/id/1032909 ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 Exploit ([email protected])
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes Vendor Advisory ([email protected])
https://www.imperialviolet.org/2014/09/26/pkcs1.html Exploit ([email protected])
https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02 Exploit ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3186 (af854a3a-2127-422b-91ae-364da2661108)
http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032909 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.imperialviolet.org/2014/09/26/pkcs1.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02 Exploit (af854a3a-2127-422b-91ae-364da2661108)