CVE-2015-7182

{"id": "CVE-2015-7182", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2015-11-05T05:59:06.963", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html", "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html", "source": "[email protected]"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html", "source": "[email protected]"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html", "source": "[email protected]"}, {"url": "http://www.debian.org/security/2015/dsa-3393", "source": "[email protected]"}, {"url": "http://www.debian.org/security/2015/dsa-3410", "source": "[email protected]"}, {"url": "http://www.debian.org/security/2016/dsa-3688", "source": "[email protected]"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["Patch"], "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/77416", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/91787", "source": "[email protected]"}, {"url": "http://www.securitytracker.com/id/1034069", "source": "[email protected]"}, {"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753", "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2785-1", "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2791-1", "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2819-1", "source": "[email protected]"}, {"url": "https://bto.bluecoat.com/security-advisory/sa119", "source": "[email protected]"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868", "source": "[email protected]"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/201512-10", "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/201605-06", "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2015/dsa-3393", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2015/dsa-3410", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2016/dsa-3688", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/77416", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/91787", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1034069", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2785-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2791-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2819-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bto.bluecoat.com/security-advisory/sa119", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201512-10", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201605-06", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos OCTET STRING manipulados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEFBE568-3193-45BA-92D1-D5E47C09DDEE"}, {"criteria": "cpe:2.3:a:oracle:traffic_director:11.1.1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EB3B106-0E2D-4363-B768-4AC84F568F2A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:opensso:3.0-0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F9EB0C2-3654-46FD-81A0-6EF7BE87B58B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE9E3545-A799-427A-8FE4-1E8231A7A284"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39EA735D-20A8-4595-BFF8-7B1F5A32CDA2", "versionEndIncluding": "3.19.2.0"}, {"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95762E75-6DEC-4B1C-87B4-A4EA1937B710"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A972CA67-3909-4E9A-B8FC-7AAE5126528A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A741F21D-4095-47E0-AAB4-DDBDAAC5BAB1", "versionEndIncluding": "41.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}