CVE-2015-7182

CRITICAL

Oracle Traffic Director < 3.19.2.0 - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

References (34)

Core 34

Core References

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034069

Various Sources x_refsource_confirm

https://bto.bluecoat.com/security-advisory/sa119

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3688

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3410

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201512-10

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1202868

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html

Vendor Advisory x_refsource_confirm

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2785-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2791-1

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1981.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2819-1

Patch x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/91787

Vendor Advisory x_refsource_confirm

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1980.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3393

Vendor Advisory x_refsource_confirm

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/77416

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201605-06

Vendor Advisory vendor-advisory x_refsource_slackware

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2015/mfsa2015-133.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html

Scores

CVSS v3 9.8

EPSS 0.1104

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (17)

mozilla/firefox 38.0

mozilla/firefox 38.0.1

mozilla/firefox 38.0.5

mozilla/firefox 38.1.0

mozilla/firefox 38.1.1

mozilla/firefox 38.2.0

mozilla/firefox 38.2.1

mozilla/firefox 38.3.0

mozilla/firefox < 41.0.2

mozilla/network_security_services 3.20.0

... and 7 more

Published Nov 05, 2015

Tracked Since Feb 18, 2026