nss Client Authentication Vulnerability in Mozilla Products
CVE-2022-3479

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Nss
Vendor: CVE Published:; 14 October 2022

What is CVE-2022-3479?

A vulnerability in the nss client authentication process allows for a segmentation fault or application crash when there is no user certificate in the database. This issue can potentially disrupt operations depending on the nss for secure communications, leading to unexpected application behaviors.

Affected Version(s)

nss 3.81

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1774654

https://bugzilla.redhat.com/show_bug.cgi?id=2134331

https://security.gentoo.org/glsa/202212-05

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2022
Vulnerability Reserved
Oct 13, 2022