[Debian] CVE: CVE-2023-0767: nss: result in execution of arbitrary code
Bug #2020722 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Unassigned |
Bug Description
CVE-2023-0767: https:/
Base Score: High (refer to https:/
Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag attributes in nss, the Mozilla Network Security Service library, may result in execution of arbitrary code if a specially crafted PKCS 12 certificate bundle is processed.
References:
https:/
['libnss3_
CVE References
Changed in starlingx: | |
importance: | Undecided → High |
status: | New → Triaged |
tags: | added: stx.9.0 stx.security |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/884670
Review: https:/