Search for vulnerabilities
| Vulnerability ID | VCID-jg6h-xzwd-wbhk |
| Aliases |
CVE-2012-0441
|
| Summary | Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 0.0 |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2012-0441 | ||
| 827833 | https://bugzilla.redhat.com/show_bug.cgi?id=827833 | |
| CVE-2012-0441 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441 | |
| mfsa2012-39 | https://www.mozilla.org/en-US/security/advisories/mfsa2012-39 | |
| RHSA-2012:1090 | https://access.redhat.com/errata/RHSA-2012:1090 | |
| RHSA-2012:1091 | https://access.redhat.com/errata/RHSA-2012:1091 | |
| USN-1463-1 | https://usn.ubuntu.com/1463-1/ | |
| USN-1463-4 | https://usn.ubuntu.com/1463-4/ | |
| USN-1463-6 | https://usn.ubuntu.com/1463-6/ | |
| USN-1540-1 | https://usn.ubuntu.com/1540-1/ | |
| USN-1540-2 | https://usn.ubuntu.com/1540-2/ |
| Percentile | 0.8731 |
| EPSS Score | 0.03581 |
| Published At | Aug. 10, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:31.330257+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-39.md | 37.0.0 |