A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
Description Huzaifa S. Sidhpurwala
2016-02-22 04:57:48 UTC
A heap-based buffer overflow was found in the ASN.1 parsing code of NSS. A remote attacker could create a specially-crafted certificate, which when parsed by NSS, could cause the application linked with NSS to crash or potentially execute code with the permission of the user running such an application.
Applications such as web browsers which parse untrusted web content are especially vulnerable to this issue.
Comment 4 Kai Engert (:kaie) (inactive account)
2016-02-22 16:12:48 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.1 Extended Update Support
Red Hat Enterprise Linux 6.2 Advanced Update Support
Red Hat Enterprise Linux 6.4 Advanced Update Support
Red Hat Enterprise Linux 6.5 Advanced Update Support
Red Hat Enterprise Linux 6.6 Extended Update Support
Via RHSA-2016:0495 https://rhn.redhat.com/errata/RHSA-2016-0495.html