Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-crjp-qc36-wfb7

Summary

Security researchers Tyson Smith and Jesse
Schwartzentruber used the Address Sanitizer tool while fuzzing to
discover a use-after-free error resulting in a crash. This is a result of a pair
of NSSCertificate structures being added to a trust domain and then
one of them is removed while they are still in use by the trusted cache. This
crash is potentially exploitable.
This issue was addressed in the Network Security Services (NSS) library in version 3.16.2, 
shipping on affected platforms.In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.

Aliases

alias	CVE-2014-1544

Fixed_packages

url	pkg:deb/debian/nss@2:3.16.3-1?distro=trixie
purl	pkg:deb/debian/nss@2:3.16.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.16.3-1%3Fdistro=trixie

url pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tdh-tupa-23en

vulnerability	VCID-5dqq-xwr4-pbfv

vulnerability	VCID-gxau-xxpj-fufj

vulnerability	VCID-jd6h-m6sm-xqbt

vulnerability	VCID-mg3r-rr93-zuen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tdh-tupa-23en

vulnerability	VCID-5dqq-xwr4-pbfv

vulnerability	VCID-7vub-2tme-ffbs

vulnerability	VCID-gxau-xxpj-fufj

vulnerability	VCID-jd6h-m6sm-xqbt

vulnerability	VCID-mg3r-rr93-zuen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/nss@2:3.123.1-1?distro=trixie
purl	pkg:deb/debian/nss@2:3.123.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.123.1-1%3Fdistro=trixie

url	pkg:deb/debian/nss@2:3.124-1?distro=trixie
purl	pkg:deb/debian/nss@2:3.124-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie

url	pkg:ebuild/dev-libs/nspr@2.33.1
purl	pkg:ebuild/dev-libs/nspr@2.33.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@2.33.1

url	pkg:ebuild/dev-libs/nspr@4.10.6
purl	pkg:ebuild/dev-libs/nspr@4.10.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@4.10.6

url	pkg:ebuild/dev-libs/nspr@31.5.0
purl	pkg:ebuild/dev-libs/nspr@31.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@31.5.0

url	pkg:ebuild/dev-libs/nspr@31.5.3
purl	pkg:ebuild/dev-libs/nspr@31.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@31.5.3

url	pkg:ebuild/mail-client/thunderbird@31.5.0
purl	pkg:ebuild/mail-client/thunderbird@31.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@31.5.0

url	pkg:ebuild/mail-client/thunderbird@31.5.3
purl	pkg:ebuild/mail-client/thunderbird@31.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@31.5.3

url	pkg:ebuild/mail-client/thunderbird-bin@31.5.0
purl	pkg:ebuild/mail-client/thunderbird-bin@31.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@31.5.0

url	pkg:ebuild/mail-client/thunderbird-bin@31.5.3
purl	pkg:ebuild/mail-client/thunderbird-bin@31.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@31.5.3

url	pkg:ebuild/www-client/firefox@31.5.3
purl	pkg:ebuild/www-client/firefox@31.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@31.5.3

url	pkg:ebuild/www-client/firefox-bin@31.5.3
purl	pkg:ebuild/www-client/firefox-bin@31.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@31.5.3

url	pkg:ebuild/www-client/seamonkey@2.33.1
purl	pkg:ebuild/www-client/seamonkey@2.33.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@2.33.1

url	pkg:ebuild/www-client/seamonkey@31.5.0
purl	pkg:ebuild/www-client/seamonkey@31.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@31.5.0

url	pkg:ebuild/www-client/seamonkey@31.5.3
purl	pkg:ebuild/www-client/seamonkey@31.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@31.5.3

url	pkg:ebuild/www-client/seamonkey-bin@2.33.1
purl	pkg:ebuild/www-client/seamonkey-bin@2.33.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@2.33.1

url	pkg:ebuild/www-client/seamonkey-bin@31.5.0
purl	pkg:ebuild/www-client/seamonkey-bin@31.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@31.5.0

url	pkg:ebuild/www-client/seamonkey-bin@31.5.3
purl	pkg:ebuild/www-client/seamonkey-bin@31.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@31.5.3

url	pkg:mozilla/Firefox@31.0.0
purl	pkg:mozilla/Firefox@31.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0

url	pkg:mozilla/Firefox%20ESR@24.7.0
purl	pkg:mozilla/Firefox%20ESR@24.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0

url	pkg:mozilla/Thunderbird@24.7.0
purl	pkg:mozilla/Thunderbird@24.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.7.0

url	pkg:mozilla/Thunderbird@31.0.0
purl	pkg:mozilla/Thunderbird@31.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.0.0

Affected_packages

url pkg:rpm/redhat/nspr@4.10.6-1?arch=el5_10

purl pkg:rpm/redhat/nspr@4.10.6-1?arch=el5_10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nspr@4.10.6-1%3Farch=el5_10

url pkg:rpm/redhat/nspr@4.10.6-1?arch=el6_5

purl pkg:rpm/redhat/nspr@4.10.6-1?arch=el6_5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8y3y-wqf8-23eg

vulnerability	VCID-crjp-qc36-wfb7

vulnerability	VCID-hyuw-jmx3-suaz

vulnerability	VCID-j5xg-j8a3-d3fk

vulnerability	VCID-vg1a-61x3-g7gs

vulnerability	VCID-yb2m-gy9e-9qft

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nspr@4.10.6-1%3Farch=el6_5

url pkg:rpm/redhat/nspr@4.10.6-1?arch=el7_0

purl pkg:rpm/redhat/nspr@4.10.6-1?arch=el7_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nspr@4.10.6-1%3Farch=el7_0

url pkg:rpm/redhat/nss@3.12.8-9?arch=el5_6

purl pkg:rpm/redhat/nss@3.12.8-9?arch=el5_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.12.8-9%3Farch=el5_6

url pkg:rpm/redhat/nss@3.12.10-7?arch=el4

purl pkg:rpm/redhat/nss@3.12.10-7?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.12.10-7%3Farch=el4

url pkg:rpm/redhat/nss@3.13.1-10?arch=el6_2

purl pkg:rpm/redhat/nss@3.13.1-10?arch=el6_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.13.1-10%3Farch=el6_2

url pkg:rpm/redhat/nss@3.14.3-6?arch=el6_4

purl pkg:rpm/redhat/nss@3.14.3-6?arch=el6_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.14.3-6%3Farch=el6_4

url pkg:rpm/redhat/nss@3.14.3-9?arch=el5_9

purl pkg:rpm/redhat/nss@3.14.3-9?arch=el5_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.14.3-9%3Farch=el5_9

url pkg:rpm/redhat/nss@3.15.3-7?arch=el5_10

purl pkg:rpm/redhat/nss@3.15.3-7?arch=el5_10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.15.3-7%3Farch=el5_10

url pkg:rpm/redhat/nss@3.15.4-7?arch=el7_0

purl pkg:rpm/redhat/nss@3.15.4-7?arch=el7_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crjp-qc36-wfb7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.15.4-7%3Farch=el7_0

url pkg:rpm/redhat/nss@3.16.1-4?arch=el6_5

purl pkg:rpm/redhat/nss@3.16.1-4?arch=el6_5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8y3y-wqf8-23eg

vulnerability	VCID-crjp-qc36-wfb7

vulnerability	VCID-hyuw-jmx3-suaz

vulnerability	VCID-j5xg-j8a3-d3fk

vulnerability	VCID-vg1a-61x3-g7gs

vulnerability	VCID-yb2m-gy9e-9qft

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.16.1-4%3Farch=el6_5

url pkg:rpm/redhat/nss-util@3.16.1-1?arch=el6_5

purl pkg:rpm/redhat/nss-util@3.16.1-1?arch=el6_5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8y3y-wqf8-23eg

vulnerability	VCID-crjp-qc36-wfb7

vulnerability	VCID-hyuw-jmx3-suaz

vulnerability	VCID-j5xg-j8a3-d3fk

vulnerability	VCID-vg1a-61x3-g7gs

vulnerability	VCID-yb2m-gy9e-9qft

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-util@3.16.1-1%3Farch=el6_5

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1544.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1544.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-1544

reference_id

reference_type

scores

value	0.0325
scoring_system	epss
scoring_elements	0.87343
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-1544

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1116198
reference_id	1116198
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1116198

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
reference_id	CVE-2014-1544
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544

reference_url	https://security.gentoo.org/glsa/201504-01
reference_id	GLSA-201504-01
reference_type
scores
url	https://security.gentoo.org/glsa/201504-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2014-63

reference_id

mfsa2014-63

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2014-63

reference_url	https://access.redhat.com/errata/RHSA-2014:0915
reference_id	RHSA-2014:0915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0915

reference_url	https://access.redhat.com/errata/RHSA-2014:0916
reference_id	RHSA-2014:0916
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0916

reference_url	https://access.redhat.com/errata/RHSA-2014:0917
reference_id	RHSA-2014:0917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0917

reference_url	https://access.redhat.com/errata/RHSA-2014:1165
reference_id	RHSA-2014:1165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1165

reference_url	https://usn.ubuntu.com/2295-1/
reference_id	USN-2295-1
reference_type
scores
url	https://usn.ubuntu.com/2295-1/

reference_url	https://usn.ubuntu.com/2296-1/
reference_id	USN-2296-1
reference_type
scores
url	https://usn.ubuntu.com/2296-1/

reference_url	https://usn.ubuntu.com/2343-1/
reference_id	USN-2343-1
reference_type
scores
url	https://usn.ubuntu.com/2343-1/

Weaknesses

cwe_id	416
name	Use After Free
description	Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crjp-qc36-wfb7

Vulnerability Instance