CVE-2015-7181 (retired)

Priority
Description
The sec_asn1d_parse_leaf function in Mozilla Network Security Services
(NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before
42.0 and Firefox ESR 38.x before 38.4 and other products, improperly
restricts access to an unspecified data structure, which allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via crafted OCTET STRING data, related to a
"use-after-poison" issue.
Assigned-to
mdeslaur
Package
Upstream:released (42.0)
Ubuntu 16.04 LTS (Xenial Xerus):released (42.0+build2-0ubuntu1)
Package
Priority: Low
Upstream:released (38.4.0)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:38.4.0+build3-0ubuntu1)
More Information

Updated: 2019-09-19 15:55:32 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)