Vigil@nce - NSS, NSPR: denial of service via CERT_DecodeCertPackage
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force the CERT_DecodeCertPackage() function to
read at an invalid address, in order to trigger a denial of
service.
Impacted products: RHEL, Unix (platform)
Severity: 2/4
Creation date: 28/08/2013
DESCRIPTION OF THE VULNERABILITY
The NSS/NSPR library implements cryptographic features.
The CERT_DecodeCertPackage() function reads an X.509 certificate.
However, if it is malformed, this function reads after the end of
data. Technical details are unknown.
An attacker can therefore force the CERT_DecodeCertPackage()
function to read at an invalid address, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/NSS-NSPR-denial-of-service-via-CERT-DecodeCertPackage-13321