Search for packages
| purl | pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1xgw-uan4-byhg
Aliases: CVE-2021-43527 |
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-1zaj-dhug-bffr
Aliases: CVE-2024-0743 |
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. |
Affected by 3 other vulnerabilities. |
|
VCID-54s7-rrtw-a7cg
Aliases: CVE-2020-12402 |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. We would like to thank Sohaib ul Hassan for contributing a fix for this issue as well.*Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-6gvr-zjz7-5uh5
Aliases: CVE-2017-5461 |
An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. |
Affected by 25 other vulnerabilities. |
|
VCID-77de-35ta-1kat
Aliases: CVE-2024-6609 |
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. |
Affected by 3 other vulnerabilities. |
|
VCID-7s8d-r67g-6feh
Aliases: CVE-2024-6602 |
A mismatch between allocator and deallocator could have led to memory corruption. |
Affected by 3 other vulnerabilities. |
|
VCID-ake6-cm2x-8ubs
Aliases: CVE-2019-11745 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-axss-jrt6-qqdk
Aliases: CVE-2020-25648 |
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. |
Affected by 5 other vulnerabilities. |
|
VCID-bjhc-gzeg-vyhq
Aliases: CVE-2019-11719 |
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. |
Affected by 5 other vulnerabilities. |
|
VCID-c5su-4v3n-5qh4
Aliases: CVE-2020-12401 |
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. |
Affected by 5 other vulnerabilities. |
|
VCID-e8wz-a6j9-ybas
Aliases: CVE-2020-12399 |
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-ex9u-mprs-bqfe
Aliases: CVE-2018-18508 |
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. |
Affected by 21 other vulnerabilities. |
|
VCID-hvj7-bwkf-f3em
Aliases: CVE-2020-6829 |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. |
Affected by 5 other vulnerabilities. |
|
VCID-mahw-y94d-xbe6
Aliases: CVE-2019-11729 |
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. |
Affected by 5 other vulnerabilities. |
|
VCID-nzee-g5hm-pfca
Aliases: CVE-2018-12384 |
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. |
Affected by 21 other vulnerabilities. |
|
VCID-p65t-d156-qfex
Aliases: CVE-2017-5462 |
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. |
Affected by 25 other vulnerabilities. |
|
VCID-pjmh-gvqz-47et
Aliases: CVE-2023-4421 |
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. |
Affected by 5 other vulnerabilities. |
|
VCID-sm4b-5vw1-1qcf
Aliases: CVE-2019-17023 |
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-sv69-65sj-vybj
Aliases: CVE-2020-12400 |
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. |
Affected by 5 other vulnerabilities. |
|
VCID-tbc7-h4xz-rkdq
Aliases: CVE-2017-7502 |
Affected by 25 other vulnerabilities. |
|
|
VCID-tkkj-f8ww-1kdn
Aliases: CVE-2020-12403 |
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. |
Affected by 5 other vulnerabilities. |
|
VCID-ubzm-vaec-93gp
Aliases: CVE-2022-22747 |
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-vme5-mkru-k3aj
Aliases: CVE-2019-17007 |
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-w27h-8fnv-guhx
Aliases: CVE-2019-11727 |
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. |
Affected by 5 other vulnerabilities. |
|
VCID-wqhe-hmdh-p7eq
Aliases: CVE-2017-7805 |
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. |
Affected by 25 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-x6ny-uzze-23ap
Aliases: CVE-2019-17006 |
Affected by 21 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
|
VCID-yqjn-5kut-6qbk
Aliases: CVE-2023-0767 |
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. |
Affected by 5 other vulnerabilities. |
|
VCID-z5tc-zwsb-eydp
Aliases: CVE-2018-12404 |
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. |
Affected by 21 other vulnerabilities. |
|
VCID-zxmj-tzr9-c3cy
Aliases: CVE-2016-9074 |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. |
Affected by 25 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1msn-8tvt-ekhd | Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. |
CVE-2015-7182
|
| VCID-6gvr-zjz7-5uh5 | An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. |
CVE-2017-5461
|
| VCID-7nbe-kj5s-q7cn | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. |
CVE-2016-8635
|
| VCID-7svy-v5cp-u3fd | Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2. |
CVE-2015-7575
|
| VCID-arv7-nfbr-dfc1 | Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where the client allows for a ECDHE_ECDSA exchange where the server does not send its ServerKeyExchange message instead of aborting the handshake. Instead, the NSS client will take the EC key from the ECDSA certificate. This violates the TLS protocol and also has some security implications for forward secrecy. In this situation, the browser thinks it is engaged in an ECDHE exchange, but has been silently downgraded to a non-forward secret mixed-ECDH exchange instead. As a result, if False Start is enabled, the browser will start sending data encrypted under these non-forward-secret connection keys. This issue was fixed in NSS version 3.19.1. |
CVE-2015-2721
|
| VCID-ay74-3btx-p3dt | Security researcher Hanno Böck reported that calculations with mp_div and mp_exptmod in Network Security Services (NSS) can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to potential cryptographic weaknesses. |
CVE-2016-1938
|
| VCID-esvq-px6q-uubw | Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS. |
CVE-2015-7181
|
| VCID-mn9u-s9ed-tyde | Mozilla community member Watson Ladd reported that the implementation of Elliptical Curve Cryptography (ECC) multiplication for Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation in Network Security Services (NSS) did not handle exceptional cases correctly. This could potentially allow for signature forgery. This issue was fixed in NSS version 3.19.1. |
CVE-2015-2730
|
| VCID-n7zq-kjfr-kfd3 | Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products: |
CVE-2016-1950
|
| VCID-n8eb-ba65-jbas | A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. |
CVE-2016-5285
|
| VCID-p65t-d156-qfex | A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. |
CVE-2017-5462
|
| VCID-pphb-ty98-tkgx | Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox 45. |
CVE-2016-1979
|
| VCID-tbc7-h4xz-rkdq |
CVE-2017-7502
|
|
| VCID-tpju-q2sh-rbck | Security researcher Matthew Green reported a Diffie–Hellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only export-grade cipher suites. The resulting weak key can then be leveraged to impersonate the server. This attack is detailed in the "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the "Logjam Attack."This issue was fixed in NSS version 3.19.1 by limiting the lower strength of supported DHE keys to use 1023 bit primes. |
CVE-2015-4000
|
| VCID-tpw7-f1vk-3bf4 | Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability. |
CVE-2016-1978
|
| VCID-wqhe-hmdh-p7eq | During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. |
CVE-2017-7805
|
| VCID-z4fk-gp2d-g3d8 | nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA |
CVE-2016-9574
|
| VCID-zx73-18cf-pkaw | Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis. |
CVE-2016-2834
|