CVE-2014-1492 in Mozilla Network Security Servicesinfo

Summary

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Reservation

01/16/2014

Disclosure

03/25/2014

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
12685	Mozilla Network Security Services p12creat.c sec_pkcs12_new_asafe input validation	20	Unproven	Official fix	CVE-2014-1492
12684	Mozilla Network Security Services Domain Name input validation	20	Unproven	Official fix	CVE-2014-1492

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!