CVE-2017-5461

Name: CVE-2017-5461
Creator: NVD / NIST
Published: 2017-05-11T01:29:05.807+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.74%

Last modified Jun 17, 2026

CVE-2017-5461 is a vulnerability of currently unknown severity. Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.. EPSS estimates a 4.74% chance of exploitation in the next 30 days.

Description

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

Metrics

EPSS Probability

4.74%

90.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Mozilla	Network Security Services	< 3.21.4
Mozilla	Network Security Services	> 3.22, < 3.28.4
Mozilla	Network Security Services	>= 3.29, < 3.29.5
Mozilla	Network Security Services	>= 3.30, < 3.30.1

References

http://www.debian.org/security/2017/dsa-3831Patch
http://www.debian.org/security/2017/dsa-3872Patch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch
http://www.securityfocus.com/bid/98050Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038320Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2017:1100Patch
https://access.redhat.com/errata/RHSA-2017:1101Patch
https://access.redhat.com/errata/RHSA-2017:1102Patch
https://access.redhat.com/errata/RHSA-2017:1103Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=1344380Issue Tracking, Permissions Required
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notesRelease Notes, Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notesRelease Notes, Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notesRelease Notes, Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notesRelease Notes, Vendor Advisory
https://security.gentoo.org/glsa/201705-04Third Party Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461Vendor Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461Vendor Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461Vendor Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
http://www.debian.org/security/2017/dsa-3831Patch
http://www.debian.org/security/2017/dsa-3872Patch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch
http://www.securityfocus.com/bid/98050Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038320Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2017:1100Patch
https://access.redhat.com/errata/RHSA-2017:1101Patch
https://access.redhat.com/errata/RHSA-2017:1102Patch
https://access.redhat.com/errata/RHSA-2017:1103Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=1344380Issue Tracking, Permissions Required
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notesRelease Notes, Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notesRelease Notes, Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notesRelease Notes, Vendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notesRelease Notes, Vendor Advisory
https://security.gentoo.org/glsa/201705-04Third Party Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461Vendor Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461Vendor Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461Vendor Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html

Timeline

Published: May 11, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-5461?

How severe is CVE-2017-5461?

Severity scoring for CVE-2017-5461 is pending analysis. The EPSS model estimates a 4.74% probability of exploitation in the next 30 days.

How do I fix CVE-2017-5461?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5461?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST