vulnerability
Arch Linux: Arbitrary code execution (CVE-2017-5461)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | May 11, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
May 11, 2017
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer.
An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. The issue has been fixed in releases 3.29.5 and 3.30.1.
An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. The issue has been fixed in releases 3.29.5 and 3.30.1.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.