Lucene search

[email protected]NVD:CVE-2020-25648

HistoryOct 20, 2020 - 10:15 p.m.

CVE-2020-25648

2020-10-2022:15:43

CWE-770

[email protected]

web.nvd.nist.gov

nss

ccs messages

denial of service

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.008

Percentile

82.1%

JSON

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Affected configurations

Nvd

Node

mozillanetwork_security_servicesRange<3.58

Node

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

Node

oraclecommunications_offline_mediation_controllerMatch12.0.0.3.0

oraclecommunications_pricing_design_centerMatch12.0.0.3.0

oraclejd_edwards_enterpriseone_toolsRange<9.2.6.0

VendorProductVersionCPE
mozillanetwork_security_services*cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
oraclecommunications_offline_mediation_controller12.0.0.3.0cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
oraclecommunications_pricing_design_center12.0.0.3.0cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
oraclejd_edwards_enterpriseone_tools*cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	network_security_services	*	cpe:2.3:a:mozilla:network_security_services::::::::
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
oracle	communications_offline_mediation_controller	12.0.0.3.0	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:::::::*
oracle	communications_pricing_design_center	12.0.0.3.0	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::*
oracle	jd_edwards_enterpriseone_tools	*	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::