{"url":"http://public2.vulnerablecode.io/api/packages/248834?format=json","purl":"pkg:rpm/redhat/nss-util@3.16.1-3?arch=el6_5","type":"rpm","namespace":"redhat","name":"nss-util","version":"3.16.1-3","qualifiers":{"arch":"el6_5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2894?format=json","vulnerability_id":"VCID-111g-pd5g-jfhc","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7183","reference_id":"","reference_type":"","scores":[{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89527","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269353","reference_id":"1269353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183","reference_id":"CVE-2015-7183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"},{"reference_url":"https://usn.ubuntu.com/2785-1/","reference_id":"USN-2785-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2785-1/"},{"reference_url":"https://usn.ubuntu.com/2790-1/","reference_id":"USN-2790-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2790-1/"},{"reference_url":"https://usn.ubuntu.com/2819-1/","reference_id":"USN-2819-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2819-1/"}],"fixed_packages":[],"aliases":["CVE-2015-7183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-111g-pd5g-jfhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2892?format=json","vulnerability_id":"VCID-xhrv-tvzq-kyb9","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7181.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7181","reference_id":"","reference_type":"","scores":[{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89878","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7181"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269345","reference_id":"1269345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"CVE-2015-7181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"},{"reference_url":"https://usn.ubuntu.com/2785-1/","reference_id":"USN-2785-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2785-1/"},{"reference_url":"https://usn.ubuntu.com/2791-1/","reference_id":"USN-2791-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2791-1/"},{"reference_url":"https://usn.ubuntu.com/2819-1/","reference_id":"USN-2819-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2819-1/"}],"fixed_packages":[],"aliases":["CVE-2015-7181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhrv-tvzq-kyb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2893?format=json","vulnerability_id":"VCID-y8nr-6tvb-cbh1","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7182","reference_id":"","reference_type":"","scores":[{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93559","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269351","reference_id":"1269351","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"CVE-2015-7182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"},{"reference_url":"https://usn.ubuntu.com/2785-1/","reference_id":"USN-2785-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2785-1/"},{"reference_url":"https://usn.ubuntu.com/2791-1/","reference_id":"USN-2791-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2791-1/"},{"reference_url":"https://usn.ubuntu.com/2819-1/","reference_id":"USN-2819-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2819-1/"}],"fixed_packages":[],"aliases":["CVE-2015-7182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8nr-6tvb-cbh1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-util@3.16.1-3%3Farch=el6_5"}