CVE-2023-0767

Updated: 2023-11-04 20:08:12.322876

Description:

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 8.8

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS nss 3.44.0 8.8 HIGH Released CLSA-2023:1681327540 2023-04-24 08:49:15
CentOS 7 ELS nss 3.79.0 8.8 HIGH Already Fixed 2023-11-07 03:51:10
CentOS 8.4 ELS nss 3.67.0-6 8.8 HIGH Released CLSA-2023:1681739907 2023-04-17 11:04:57
CentOS 8.5 ELS nss 3.67.0-7 8.8 HIGH Released CLSA-2023:1681744375 2023-04-17 14:04:42
CloudLinux 6 ELS nss 3.44.0 8.8 HIGH Released CLSA-2023:1681326837 2023-04-24 08:49:15
Oracle Linux 6 ELS nss 3.44.0 8.8 HIGH Released CLSA-2023:1681327693 2023-04-12 17:05:09
Ubuntu 16.04 ELS nss 3.28.4-0 8.8 HIGH Released CLSA-2023:1681328662 2023-04-12 17:05:10
Ubuntu 18.04 ELS nss 3.35-2 8.8 HIGH Already Fixed 2023-04-28 08:47:28