Metric | Value |
---|---|
AI Score | 7.5 High |
AI Score Confidence | High |
CVSS2 | 5.1 Medium |
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
EPSS | 0.014 Low |
EPSS Percentile | 86.1% |

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | nss | < 3.12.3-1 | nss_3.12.3-1_all.deb |
Debian | 11 | all | nss | < 3.12.3-1 | nss_3.12.3-1_all.deb |
Debian | 10 | all | nss | < 3.12.3-1 | nss_3.12.3-1_all.deb |
Debian | 999 | all | nss | < 3.12.3-1 | nss_3.12.3-1_all.deb |
Debian | 13 | all | nss | < 3.12.3-1 | nss_3.12.3-1_all.deb |
Debian | 12 | all | openssl | < 0.9.8k-4 | openssl_0.9.8k-4_all.deb |
Debian | 11 | all | openssl | < 0.9.8k-4 | openssl_0.9.8k-4_all.deb |
Debian | 10 | all | openssl | < 0.9.8k-4 | openssl_0.9.8k-4_all.deb |
Debian | 999 | all | openssl | < 0.9.8k-4 | openssl_0.9.8k-4_all.deb |
Debian | 13 | all | openssl | < 0.9.8k-4 | openssl_0.9.8k-4_all.deb |