CVE-2017-5462
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-5462
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5462.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-5462
- Related
- Published
- 2018-06-11T21:29:07Z
- Modified
- 2024-09-11T04:16:24.684498Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
- References
-
- http://www.securityfocus.com/bid/97940
- http://www.securitytracker.com/id/1038320
- https://security.gentoo.org/glsa/201705-04
- https://www.debian.org/security/2017/dsa-3831
- https://www.debian.org/security/2017/dsa-3872
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
- https://security.alpinelinux.org/vuln/CVE-2017-5462
- https://security-tracker.debian.org/tracker/CVE-2017-5462
Affected packages
Alpine:v3.3 / nss
Package
- Name
- nss
- Purl
- pkg:apk/alpine/nss?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.23-r1
Affected versions
3.*
3.12.6-r0
3.12.7-r0
3.12.8-r0
3.12.8-r1
3.12.8-r2
3.12.8-r3
3.12.8-r4
3.12.8-r5
3.12.8-r6
3.12.9-r6
3.12.10-r6
3.12.11-r1
3.12.11-r6
3.13.1-r0
3.13.1-r1
3.13.3-r0
3.13.4-r0
3.13.4-r1
3.13.5-r0
3.13.6-r0
3.14-r0
3.14.1-r0
3.14.1.1.93-r0
3.14.3-r0
3.15.1-r0
3.15.1-r1
3.15.1-r2
3.15.2-r0
3.15.3-r0
3.15.3.1-r0
3.15.4-r0
3.15.5-r0
3.16-r0
3.16.1-r0
3.16.3-r0
3.17.1-r0
3.17.2-r0
3.17.3-r0
3.17.4-r0
3.18-r0
3.18.1-r0
3.19.2-r0
3.19.2-r1
3.20-r0
3.20.1-r0
3.20.2-r0
3.21-r0
3.21.1-r0
3.23-r0
Alpine:v3.4 / nss
Package
- Name
- nss
- Purl
- pkg:apk/alpine/nss?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.23-r1
Affected versions
3.*
3.12.6-r0
3.12.7-r0
3.12.8-r0
3.12.8-r1
3.12.8-r2
3.12.8-r3
3.12.8-r4
3.12.8-r5
3.12.8-r6
3.12.9-r6
3.12.10-r6
3.12.11-r1
3.12.11-r6
3.13.1-r0
3.13.1-r1
3.13.3-r0
3.13.4-r0
3.13.4-r1
3.13.5-r0
3.13.6-r0
3.14-r0
3.14.1-r0
3.14.1.1.93-r0
3.14.3-r0
3.15.1-r0
3.15.1-r1
3.15.1-r2
3.15.2-r0
3.15.3-r0
3.15.3.1-r0
3.15.4-r0
3.15.5-r0
3.16-r0
3.16.1-r0
3.16.3-r0
3.17.1-r0
3.17.2-r0
3.17.3-r0
3.17.4-r0
3.18-r0
3.18.1-r0
3.19.2-r0
3.19.2-r1
3.20-r0
3.20.1-r0
3.21-r0
3.22-r0
3.22.1-r0
3.22.3-r0
3.23-r0
Debian:11 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Debian:12 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Debian:13 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Debian:11 / nss
Package
- Name
- nss
- Purl
- pkg:deb/debian/nss?arch=source
Debian:12 / nss
Package
- Name
- nss
- Purl
- pkg:deb/debian/nss?arch=source
Debian:13 / nss
Package
- Name
- nss
- Purl
- pkg:deb/debian/nss?arch=source