CVE-2017-11696

7.8HIGH

Key Information:

Vendor: Mozilla
Status: Network Security Services
Vendor: CVE Published:; 27 December 2017

Summary

Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

References

http://www.securitytracker.com/id/1039153

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/100345

vdb-entryx_refsource_BID

http://www.geeknik.net/9brdqk6xu

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2017
Vulnerability Reserved
Jul 27, 2017