CVE-2015-7183

Public on 2015-11-05
Modified on 2015-11-04
Description
A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library.
Severity
Critical severity
Critical
CVSS v3 Base Score
6.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 jss 2015-11-05 ALAS-2015-608 Fixed
Amazon Linux 1 nspr 2015-11-05 ALAS-2015-608 Fixed
Amazon Linux 1 nss 2015-11-05 ALAS-2015-608 Fixed
Amazon Linux 1 nss-util 2015-11-05 ALAS-2015-608 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P