{
  "threat_severity" : "Moderate",
  "public_date" : "2014-06-10T00:00:00Z",
  "bugzilla" : {
    "description" : "Mozilla: Out of bounds write in NSPR (MFSA 2014-55)",
    "id" : "1107432",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1107432"
  },
  "cvss" : {
    "cvss_base_score" : "5.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.", "An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox." ],
  "acknowledgement" : "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-09-16T00:00:00Z",
    "advisory" : "RHSA-2014:1246",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "nss-0:3.16.1-2.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-07-22T00:00:00Z",
    "advisory" : "RHSA-2014:0917",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "nspr-0:4.10.6-1.el6_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-07-22T00:00:00Z",
    "advisory" : "RHSA-2014:0917",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "nss-0:3.16.1-4.el6_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-07-22T00:00:00Z",
    "advisory" : "RHSA-2014:0917",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "nss-util-0:3.16.1-1.el6_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHBA-2015:0364",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "nspr-0:4.10.6-3.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHBA-2015:0364",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "nss-0:3.16.2.3-5.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHBA-2015:0364",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "nss-softokn-0:3.16.2.3-9.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHBA-2015:0364",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "nss-util-0:3.16.2.3-2.el7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-1545\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1545\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-55.html" ],
  "name" : "CVE-2014-1545",
  "csaw" : false
}