{"url":"http://public2.vulnerablecode.io/api/packages/119576?format=json","purl":"pkg:deb/debian/nss@3.13.4-1?distro=trixie","type":"deb","namespace":"debian","name":"nss","version":"3.13.4-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2:3.14.3-1","latest_non_vulnerable_version":"2:3.124-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=json","vulnerability_id":"VCID-wh5f-gkuv-q3ep","summary":"Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0441","reference_id":"","reference_type":"","scores":[{"value":"0.03581","scoring_system":"epss","scoring_elements":"0.87953","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03581","scoring_system":"epss","scoring_elements":"0.87974","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03581","scoring_system":"epss","scoring_elements":"0.87978","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03581","scoring_system":"epss","scoring_elements":"0.87979","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03581","scoring_system":"epss","scoring_elements":"0.87992","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827833","reference_id":"827833","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441","reference_id":"CVE-2012-0441","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39","reference_id":"mfsa2012-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1090","reference_id":"RHSA-2012:1090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1091","reference_id":"RHSA-2012:1091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1091"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"},{"reference_url":"https://usn.ubuntu.com/1540-1/","reference_id":"USN-1540-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1540-1/"},{"reference_url":"https://usn.ubuntu.com/1540-2/","reference_id":"USN-1540-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1540-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119576?format=json","purl":"pkg:deb/debian/nss@3.13.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.13.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119566?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119564?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ckmw-656v-byhx"},{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119569?format=json","purl":"pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119567?format=json","purl":"pkg:deb/debian/nss@2:3.124-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie"}],"aliases":["CVE-2012-0441"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wh5f-gkuv-q3ep"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.13.4-1%3Fdistro=trixie"}