7.5
CVE-2020-25648
- EPSS 3.85%
- Veröffentlicht 20.10.2020 22:15:43
- Zuletzt bearbeitet 21.11.2024 05:18:20
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Network Security Services Version < 3.58
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
Oracle ≫ Communications Offline Mediation Controller Version12.0.0.3.0
Oracle ≫ Communications Pricing Design Center Version12.0.0.3.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.85% | 0.888 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://bugzilla.redhat.com/show_bug.cgi?id=1887319
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/