CVE-2015-7181
nss - security update
EPSS 5.0%
Description
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
How to fix CVE-2015-7181
To remediate CVE-2015-7181, upgrade the affected package to one of the fixed versions listed below.
- Debian/nss—upgrade to 2:3.20.1-1 or later
- —upgrade to 3.12.8-1+squeeze13 or later
- —upgrade to 2:3.14.5-1+deb7u6 or later
Is CVE-2015-7181 being exploited?
Moderate — EPSS is 5.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2:3.20.1-1
- from 0, < 3.12.8-1+squeeze13
- from 0, < 2:3.14.5-1+deb7u6