| Vulnerability Name: | CVE-2017-11697 (CCN-130414) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2017-08-09 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2017-08-09 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2020-03-16 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-11697 Source: MISC Type: Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html Source: CCN Type: Full-Disclosure Mailing List, Wed, 09 Aug 2017 15:56:22 -0400 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698) Source: FULLDISC Type: Exploit, Mailing List, Third Party Advisory 20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698) Source: MISC Type: Exploit, Third Party Advisory http://www.geeknik.net/9brdqk6xu Source: CCN Type: Mozilla Web site Network Security Services Source: BID Type: Third Party Advisory, VDB Entry 100345 Source: SECTRACK Type: Third Party Advisory, VDB Entry 1039153 Source: XF Type: UNKNOWN mozilla-nss-cve201711697-priv-esc(130414) Source: CCN Type: Packet Storm Security [08-09-2017] NSS Buffer Overflows / Floating Point Exception Source: GENTOO Type: UNKNOWN GLSA-202003-37 Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-11697 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||