The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Network_security_services | Mozilla | 3.15 (including) | 3.15 (including) |
Network_security_services | Mozilla | 3.15.1 (including) | 3.15.1 (including) |
Network_security_services | Mozilla | 3.15.2 (including) | 3.15.2 (including) |
Red Hat Enterprise Linux 5 | RedHat | nspr-0:4.10.2-2.el5_10 | * |
Red Hat Enterprise Linux 5 | RedHat | nss-0:3.15.3-3.el5_10 | * |
Red Hat Enterprise Linux 6 | RedHat | nspr-0:4.10.2-1.el6_5 | * |
Red Hat Enterprise Linux 6 | RedHat | nss-0:3.15.3-2.el6_5 | * |
Red Hat Enterprise Linux 6 | RedHat | nss-util-0:3.15.3-1.el6_5 | * |
RHEV 3.X Hypervisor and Agents for RHEL-6 | RedHat | rhev-hypervisor6-0:6.5-20140112.0.el6ev | * |
Nss | Ubuntu | lucid | * |
Nss | Ubuntu | precise | * |
Nss | Ubuntu | quantal | * |
Nss | Ubuntu | raring | * |
Nss | Ubuntu | saucy | * |
Nss | Ubuntu | upstream | * |