CVE-2014-1569

The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
mozillanetwork_security_services
𝑥
≤ 3.16.2.3
mozillanetwork_security_services
3.16.2.0
mozillanetwork_security_services
3.16.2.1
mozillanetwork_security_services
3.16.2.2
mozillanetwork_security_services
3.17.0
mozillanetwork_security_services
3.17.1
mozillanetwork_security_services
3.17.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
bookworm
2:3.87.1-1
fixed
sid
2:3.105-2
fixed
trixie
2:3.105-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nss
utopic
Fixed 2:3.17.1-0ubuntu1.1
released
trusty
Fixed 2:3.17.1-0ubuntu0.14.04.2
released
precise
Fixed 3.17.1-0ubuntu0.12.04.2
released
lucid
Fixed 3.17.1-0ubuntu0.10.04.2
released
References
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
http://www.debian.org/security/2015/dsa-3186
http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securitytracker.com/id/1032909
https://bugzilla.mozilla.org/show_bug.cgi?id=1064670
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes
https://www.imperialviolet.org/2014/09/26/pkcs1.html
https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
http://www.debian.org/security/2015/dsa-3186
http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securitytracker.com/id/1032909
https://bugzilla.mozilla.org/show_bug.cgi?id=1064670
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes
https://www.imperialviolet.org/2014/09/26/pkcs1.html
https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02