CVE-2017-5461

Summary

CVE	CVE-2017-5461
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-05-11 01:29:00 UTC
Updated	2021-07-20 23:15:00 UTC
Description	Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Network Security Services	All	All	All	All
Application	Mozilla	Network Security Services	All	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	REDHAT	access.redhat.com	Patch
Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Mozilla Firefox Multiple Bugs Let Remote Users Bypass Security Restrictions, Spoof URLs, Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Red Hat Customer Portal	REDHAT	access.redhat.com	Patch
Red Hat Customer Portal	REDHAT	access.redhat.com	Patch
Oracle Critical Patch Update - January 2018	CONFIRM	www.oracle.com	Patch
Oracle Critical Patch Update Advisory - July 2021	N/A	www.oracle.com
NSS 3.21.4 release notes - Mozilla \| MDN	CONFIRM	developer.mozilla.org	Release Notes, Vendor Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Patch
Mozilla Network Security Service (NSS): Multiple vulnerabilities (GLSA 201705-04) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
NSS 3.29.5 release notes - Mozilla \| MDN	CONFIRM	developer.mozilla.org	Release Notes, Vendor Advisory
Security vulnerabilities fixed in Firefox ESR 52.1 — Mozilla	CONFIRM	www.mozilla.org	Vendor Advisory
Debian -- Security Information -- DSA-3831-1 firefox-esr	DEBIAN	www.debian.org	Patch
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla	CONFIRM	www.mozilla.org	Vendor Advisory
NSS 3.28.4 release notes - Mozilla \| MDN	CONFIRM	developer.mozilla.org	Release Notes, Vendor Advisory
Security vulnerabilities fixed in Thunderbird 52.1 — Mozilla	CONFIRM	www.mozilla.org	Vendor Advisory
Security vulnerabilities fixed in Firefox 53 — Mozilla	CONFIRM	www.mozilla.org	Vendor Advisory
Debian -- Security Information -- DSA-3872-1 nss	DEBIAN	www.debian.org	Patch
1344380 - (CVE-2017-5461) Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
Oracle Critical Patch Update - October 2017	CONFIRM	www.oracle.com	Patch
NSS 3.30.1 release notes - Mozilla \| MDN	CONFIRM	developer.mozilla.org	Release Notes, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378265 Virtuozzo Linux Security Update for nss-util-devel (VZLSA-2017:1100)
690289 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)
710287 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 201802-03)
710397 Gentoo Linux Mozilla Network Security Service (NSS) Multiple Vulnerabilities (GLSA 201705-04)
904930 Common Base Linux Mariner (CBL-Mariner) Security Update for openjdk8 (12401)