Main Vulnerability Database SB2013120314

SB2013120314 - Input validation error in nspr (Alpine package)

Published: December 3, 2013

Security Bulletin ID SB2013120314

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2013-5607)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=148cd7bfc290b00e0d30a72c2ad31c9cf2af8ec0