CVE-2015-7182
9.8
CRITICAL
CVSS 3.1
EPSS 11.0%
Description
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
How to fix CVE-2015-7182
To remediate CVE-2015-7182, upgrade the affected package to a fixed version listed below.
- Upgrade to 2:3.20.1-1 or later
Is CVE-2015-7182 being exploited?
Moderate — EPSS is 11.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2:3.20.1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |