logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-17023

Description

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.


Affected Package


OS OS Version Package Name Package Version
Debian 999 firefox 101.0.1-1
Debian 12 nss 2:3.79-1
Debian 11 nss 2:3.61-1+deb11u2
Debian 10 nss 2:3.42.1-1+deb10u5
Debian 999 nss 2:3.79-1
Debian 9 nss 2:3.26.2-1.1+deb9u1

Related