CVE-2014-1568

Google Chrome < 37.0.2062.120 - Cryptographic Issue

Description

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

References (34)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/772676
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1307.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70116
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2360-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7015701
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61575
Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61574
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2361-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3033
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3034
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3037
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2360-2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61540
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61576
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61583
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1371.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1354.html

Scores

EPSS 0.3360
EPSS Percentile 97.0%

Details

CWE CWE-310
Status published
Products (50)
google/chrome 37.0.2062.0
google/chrome 37.0.2062.3
google/chrome 37.0.2062.20
google/chrome 37.0.2062.100
google/chrome 37.0.2062.102
google/chrome < 37.0.2062.120
mozilla/firefox 31.0
mozilla/firefox 31.1.0
mozilla/firefox 32.0.1
mozilla/firefox 32.0.2
... and 40 more
Published Sep 25, 2014
Tracked Since Feb 18, 2026