CVE-2014-1568

Public on 2014-09-25
Modified on 2014-10-01
Description

A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.

Severity
Important
See what this means
CVSS v3 Base Score
5.8
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 nss 2014-10-01 ALAS-2014-424
Amazon Linux 1 nss-softokn 2014-10-01 ALAS-2014-423
Amazon Linux 1 nss-util 2014-10-01 ALAS-2014-422

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P