7.5

CVE-2017-7502

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.3% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.debian.org/security/2017/dsa-3872
http://www.securityfocus.com/bid/98744
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038579
https://access.redhat.com/errata/RHSA-2017:1364
https://access.redhat.com/errata/RHSA-2017:1365
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
Patch