Critical NSS Vulnerability Exposes Systems to Denial of Service Risks

A vulnerability in the Network Security Service (NSS) library has been discovered, which could allow attackers to crash the service or expose sensitive information through specially crafted input. This flaw, identified by Haruto Kimura, involves improper handling of PKCS#11 URI escape sequences. Affected systems include Ubuntu versions 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. Users are advised to update their systems to mitigate the risk. The vulnerability could lead to denial of service attacks or information leaks, making it critical for administrators to act promptly. The issue has been documented in Ubuntu Security Notice USN-8481-1, and a standard system update will address the problem.

Key Points: • NSS vulnerability allows denial of service or sensitive information exposure. • Affected Ubuntu versions include 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. • Users are urged to update their systems to mitigate the risk.