7.5
CVE-2017-7502
- EPSS 4.53%
- Veröffentlicht 30.05.2017 18:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginNull pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Network Security Services Version3.24.0
Mozilla ≫ Network Security Services Version3.25.0
Mozilla ≫ Network Security Services Version3.25.1
Mozilla ≫ Network Security Services Version3.26.0
Mozilla ≫ Network Security Services Version3.26.2
Mozilla ≫ Network Security Services Version3.27.0
Mozilla ≫ Network Security Services Version3.27.1
Mozilla ≫ Network Security Services Version3.27.2
Mozilla ≫ Network Security Services Version3.28.0
Mozilla ≫ Network Security Services Version3.28.1
Mozilla ≫ Network Security Services Version3.28.2
Mozilla ≫ Network Security Services Version3.28.3
Mozilla ≫ Network Security Services Version3.29.0
Mozilla ≫ Network Security Services Version3.29.1
Mozilla ≫ Network Security Services Version3.29.2
Mozilla ≫ Network Security Services Version3.29.3
Mozilla ≫ Network Security Services Version3.30.0
Mozilla ≫ Network Security Services Version3.30.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.53% | 0.887 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.