SB2015113007 - Buffer overflow in nspr (Alpine package)
Published: November 30, 2015
Security Bulletin ID
SB2015113007
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2015-7183)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9ac33818d81877a371c90f9e93d3ebc162fffd6f
- https://git.alpinelinux.org/aports/commit/?id=ade89daaa06e20736c57d7cdaa74338ab93ff0d8
- https://git.alpinelinux.org/aports/commit/?id=7df429e6fc6fd00eced7c89389178a5092fcceb8
- https://git.alpinelinux.org/aports/commit/?id=69fb0e1f20c39292fcd4d5bad5085a96e33cb6c3