[3.3] nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (CVE-2017-5461)
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through
3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1
allows remote attackers to cause a denial of service (out-of-bounds
write) or possibly have unspecified other impact by leveraging incorrect
base64 operations.
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/\#CVE-2017-5461
https://nvd.nist.gov/vuln/detail/CVE-2017-5461
(from redmine: issue id 7307, created on 2017-05-22, closed on 2017-08-22)
- Relations:
- parent #7304 (closed)
- Changesets:
- Revision 2eccc618 by Natanael Copa on 2017-08-22T18:29:32Z:
main/nss: backport secfixes (CVE-2017-5461, CVE-2017-5462)
fixes #7307