Mozilla Network Security Services 3.41

CPE Details

Mozilla Network Security Services 3.41
mozilla
network_security_services
3.41
2019-05-03
10h47 +00:00
2019-05-03
10h47 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mozilla:network_security_services:3.41:*:*:*:*:*:*:*

Informations

Vendor

mozilla

Product

network_security_services

Version

3.41

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-17007 2020-10-22 18h28 +00:00 In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
7.5
High
CVE-2019-17006 2020-10-22 18h24 +00:00 In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
9.8
Critical
CVE-2018-18508 2020-10-22 18h14 +00:00 In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
6.5
Medium
CVE-2020-25648 2020-10-19 22h00 +00:00 A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.