ALT-PU-2020-3119-1

Package update nss in branch sisyphus

Version3.58.0-alt1

Published2020-10-24

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.5

Уязвимость пакета библиотек для сетевой защиты приложений NSS, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-10-27Modified: 2023-11-13

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2020-25648

HIGH7.5

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Published: 2020-10-20Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References