CVE-2013-5606 (retired)

Priority
Description
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network
Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return
value for an incompatible key-usage certificate when the CERTVerifyLog
argument is valid, which might allow remote attackers to bypass intended
access restrictions via a crafted certificate.
Assigned-to
mdeslaur
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.15.3)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2:3.15.3-1)
More Information

Updated: 2019-03-26 12:10:30 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)