Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:PHP Ux
OSHp11.0011.1111.23Mozilla Network Security Services
APPMozilla3.23.2.13.33.3.13.3.23.43.4.13.4.23.53.63.6.13.73.7.13.7.23.7.3+ 4 więcejNetscape Certificate Server
APPNetscape1.04.2Netscape Directory Server
APPNetscape1.33.13.124.14.114.13Netscape Enterprise Server
APPNetscape2.02.0.1c2.0a3.03.0.13.0.1b3.0.7a3.0l3.13.23.33.43.53.5.13.6+ 4 więcejNetscape Personalization Engine
APPNetscapewszystkie wersjeSun Java Enterprise System
APPSun2003q42004q2Sun Java System Application Server
APPSun7.07.1Sun One Application Server
APPSun6.0Sun One Web Server
APPSun4.16.06.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
Referencje
Powiązane podatności
CVE-2012-1823CRITICAL9.8⚠ KEVten sam produkt
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...
CVE-2025-36038CRITICAL9.0PL ✓ten sam produkt
RCE w IBM WebSphere Application Server przez niebezpieczną deserializację
CVE-2021-39085CRITICAL9.8ten sam produkt
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 thr...
CVE-2022-28623CRITICAL9.8ten sam produkt
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or u...
CVE-2022-22317CRITICAL9.8ten sam produkt
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow...