7.5
CVE-2020-25648
- EPSS 0.12%
- Veröffentlicht 20.10.2020 22:15:43
- Zuletzt bearbeitet 21.11.2024 05:18:20
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Network Security Services Version < 3.58
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
Fedoraproject ≫ Fedora Version33
Oracle ≫ Communications Offline Mediation Controller Version12.0.0.3.0
Oracle ≫ Communications Pricing Design Center Version12.0.0.3.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.283 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.