{ "threat_severity" : "Important", "public_date" : "2013-11-13T00:00:00Z", "bugzilla" : { "description" : "nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)", "id" : "1030807", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1030807" }, "cvss" : { "cvss_base_score" : "6.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status" : "verified" }, "details" : [ "Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2013-12-05T00:00:00Z", "advisory" : "RHSA-2013:1791", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "nspr-0:4.10.2-2.el5_10" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2013-12-05T00:00:00Z", "advisory" : "RHSA-2013:1791", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "nss-0:3.15.3-3.el5_10" }, { "product_name" : "Red Hat Enterprise Linux 5.3 Long Life", "release_date" : "2013-12-16T00:00:00Z", "advisory" : "RHSA-2013:1841", "cpe" : "cpe:/o:redhat:rhel_mission_critical:5.3", "package" : "nss-0:3.12.3.99.3-3.el5_3" }, { "product_name" : "Red Hat Enterprise Linux 5.6 EUS - Server Only", "release_date" : "2013-12-16T00:00:00Z", "advisory" : "RHSA-2013:1841", "cpe" : "cpe:/o:redhat:rhel_eus:5.6", "package" : "nss-0:3.12.8-8.el5_6" }, { "product_name" : "Red Hat Enterprise Linux 5.9 Extended Update Support", "release_date" : "2013-12-16T00:00:00Z", "advisory" : "RHSA-2013:1841", "cpe" : "cpe:/o:redhat:rhel_eus:5.9", "package" : "nss-0:3.14.3-8.el5_9" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2013-12-12T00:00:00Z", "advisory" : "RHSA-2013:1829", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "nspr-0:4.10.2-1.el6_5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2013-12-12T00:00:00Z", "advisory" : "RHSA-2013:1829", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "nss-0:3.15.3-2.el6_5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2013-12-12T00:00:00Z", "advisory" : "RHSA-2013:1829", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "nss-util-0:3.15.3-1.el6_5" }, { "product_name" : "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only", "release_date" : "2013-12-16T00:00:00Z", "advisory" : "RHSA-2013:1840", "cpe" : "cpe:/o:redhat:rhel_eus:6.2", "package" : "nss-0:3.13.1-9.el6_2" }, { "product_name" : "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only", "release_date" : "2013-12-16T00:00:00Z", "advisory" : "RHSA-2013:1840", "cpe" : "cpe:/o:redhat:rhel_eus:6.3", "package" : "nss-0:3.13.6-3.el6_3" }, { "product_name" : "Red Hat Enterprise Linux 6.4 Extended Update Support", "release_date" : "2013-12-16T00:00:00Z", "advisory" : "RHSA-2013:1840", "cpe" : "cpe:/o:redhat:rhel_eus:6.4", "package" : "nss-0:3.14.3-5.el6_4" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date" : "2014-01-21T00:00:00Z", "advisory" : "RHSA-2014:0041", "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package" : "rhev-hypervisor6-0:6.5-20140112.0.el6ev" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "nss", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.3", "fix_state" : "Affected", "package_name" : "nss", "cpe" : "cpe:/o:redhat:rhel_eus:5.3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-5605\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5605" ], "name" : "CVE-2013-5605", "csaw" : false }