CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-25648 – nss: TLS 1.3 CCS flood remote DoS Attack
https://notcve.org/view.php?id=CVE-2020-25648
20 Oct 2020 — A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. Se encontró un fallo en la manera en que NSS manejaba los mensajes CCS (ChangeCipherSpec) en TLS versión 1.3. • https://bugzilla.redhat.com/show_bug.cgi?id=1887319 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 1CVE-2019-17006 – nss: Check length of inputs for cryptographic primitives
https://notcve.org/view.php?id=CVE-2019-17006
09 Jan 2020 — In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. En Network Security Services (NSS) versiones anteriores a 3.46, varias primitivas criptográficas presentaban una falta de comprobación de longitud. En los casos en que la aplicación que llama a la biblioteca no llevó a cabo una comprobación de saneo ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2019-17007 – nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
https://notcve.org/view.php?id=CVE-2019-17007
09 Dec 2019 — In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. En Network Security Services versiones anteriores a 3.44, una Secuencia de Certificados Netscape malformado puede causar que NSS se bloquee, resultando en una denegación de servicio Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18508 – nss: NULL pointer dereference in several CMS functions resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18508
27 Feb 2019 — In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. En Network Security Services (NSS) versiones anteriores a 3.36.7 y versiones anteriores a 3.41.1, una firma malformada puede causar un bloqueo debido a una desreferencia de null, resultando en una Denegación de Servicio USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno BAPck an... • https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 48%CPEs: 1EXPL: 0CVE-2018-12404 – nss: Cache side-channel variant of the Bleichenbacher attack
https://notcve.org/view.php?id=CVE-2018-12404
05 Dec 2018 — A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. Un ataque de canal lateral en caché durante transacciones usando RSA podría permitir el descifrado de contenido encriptado. Esta es una variante del ataque Adaptive Chosen Ciphertext (conocido como ataque Bleichenbacher) y afecta a todas las versiones de N... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •