nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (CVE-2017-5461)
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through
3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1
allows remote attackers to cause a denial of service (out-of-bounds
write) or possibly have unspecified other impact by leveraging incorrect
base64 operations.
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/\#CVE-2017-5461
https://nvd.nist.gov/vuln/detail/CVE-2017-5461
(from redmine: issue id 7304, created on 2017-05-22, closed on 2017-08-22)
- Relations:
- child #7305 (closed)
- child #7306 (closed)
- child #7307 (closed)