SB2024111055 - Debian update for nss

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024111055

SB2024111055 - Debian update for nss

Published: November 10, 2024

Security Bulletin ID SB2024111055
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Unchecked Return Value (CVE-ID: CVE-2024-0743)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unchecked return value in TLS handshake code in NSS TLS method. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.


2) Buffer overflow (CVE-ID: CVE-2024-6602)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in NSS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Double free (CVE-ID: CVE-2024-6609)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in NSS. A remote attacker can force the browser to free an elliptic curve key which was never allocated and crash the browser.


Remediation

Install update from vendor's website.

References