CVE-2019-17006

EUVD-2019-7480
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
siemensruggedcom_rox_mx5000_firmware
𝑥
< 2.14.0
siemensruggedcom_rox_rx1400_firmware
𝑥
< 2.14.0
siemensruggedcom_rox_rx1500_firmware
𝑥
< 2.14.0
siemensruggedcom_rox_rx1501_firmware
𝑥
< 2.14.0
siemensruggedcom_rox_rx1510_firmware
𝑥
< 2.14.0
siemensruggedcom_rox_rx1511_firmware
𝑥
< 2.14.0
siemensruggedcom_rox_rx1512_firmware
𝑥
< 2.14.0
siemensruggedcom_rox_rx5000_firmware
𝑥
< 2.14.0
mozillanetwork_security_services
𝑥
< 3.46
netapphci_management_node
-
netappsolidfire
-
netapphci_compute_node
-
netapphci_storage_node
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bookworm
2:3.87.1-1
fixed
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
sid
2:3.105-2
fixed
trixie
2:3.105-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nss
bionic
Fixed 2:3.35-2ubuntu2.7
released
disco
Fixed 2:3.42-1ubuntu2.5
released
eoan
Fixed 2:3.45-1ubuntu2.2
released
trusty
Fixed 2:3.28.4-0ubuntu0.14.04.5+esm4
released
xenial
Fixed 2:3.28.4-0ubuntu0.16.04.10
released
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
https://security.netapp.com/advisory/ntap-20210129-0001/
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
https://security.netapp.com/advisory/ntap-20210129-0001/
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04