Vulnerability Details : CVE-2013-5605
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-5605
Probability of exploitation activity in the next 30 days: 9.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2013-5605
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2013-5605
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5605
- https://bugzilla.mozilla.org/show_bug.cgi?id=934016
  934016 - (CVE-2013-5605) Null_Cipher (used during handshake) does not respect maxOutputLen, copying an attacker-supplied # of bytes
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  Oracle Critical Patch Update - January 2016
- http://rhn.redhat.com/errata/RHSA-2013-1841.html
  RHSA-2013:1841 - Security Advisory - Red Hat Customer Portal
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
  VMSA-2014-0012.1
- http://www.ubuntu.com/usn/USN-2031-1
  USN-2031-1: Firefox vulnerabilities | Ubuntu security notices
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
  Juniper Networks - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView
- http://www.ubuntu.com/usn/USN-2030-1
  USN-2030-1: NSS vulnerabilities | Ubuntu security notices
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
  Oracle Critical Patch Update - July 2014
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html
  [security-announce] SUSE-SU-2013:1807-1: important: Security update for
- http://www.debian.org/security/2013/dsa-2800
  Debian -- Security Information -- DSA-2800-1 nss
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
  Oracle Critical Patch Update - October 2014
- https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes
  NSS 3.14.5 release notes - Mozilla | MDN [Patch]
- http://rhn.redhat.com/errata/RHSA-2014-0041.html
  RHSA-2014:0041 - Security Advisory - Red Hat Customer Portal
- https://security.gentoo.org/glsa/201504-01
  Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
- http://seclists.org/fulldisclosure/2014/Dec/23
  Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://security.gentoo.org/glsa/glsa-201406-19.xml
  Mozilla Network Security Service: Multiple vulnerabilities (GLSA 201406-19) — Gentoo security
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
  Oracle Critical Patch Update - January 2015
- https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes
  NSS 3.15.3 release notes - Mozilla | MDN [Patch]
- http://www.ubuntu.com/usn/USN-2032-1
  USN-2032-1: Thunderbird vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
  SecurityFocus
- http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
  Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla
- http://rhn.redhat.com/errata/RHSA-2013-1829.html
  RHSA-2013:1829 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html
  openSUSE-SU-2013:1732-1: moderate: update for mozilla-nss
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016
- http://www.securityfocus.com/bid/63738
  Mozilla Network Security Services CVE-2013-5605 Remote Arbitrary Code Execution Vulnerability
- http://rhn.redhat.com/errata/RHSA-2013-1840.html
  RHSA-2013:1840 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-1791.html
  RHSA-2013:1791 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html
  openSUSE-SU-2013:1730-1: moderate: update for mozilla-nss and mozilla-ns
Products affected by CVE-2013-5605
- cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*