CVE-2014-1492
EPSS 0.83%Published: 3/25/2014Modified: 4/28/2026
Also known as:DEBIAN-CVE-2014-1492
Description
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Affected packages (1)
- Debian/nssfrom 0, < 2:3.16-1