Lucene search
K

4 matches found

CVE
CVE
added 2021/12/08 12:0 a.m.666 views

CVE-2021-43527

CVE-2021-43527 describes a heap overflow in NSS when handling DER-encoded DSA or RSA-PSS signatures. The vulnerability affects NSS versions prior to 3.73 (and 3.68.1 ESR for some configurations) and can impact applications using NSS for signatures in CMS, S/MIME, PKCS#7, or PKCS#12, as well as th...

9.8CVSS9.6AI score0.17563EPSS
CVE
CVE
added 2021/05/27 12:0 a.m.342 views

CVE-2020-12403

CVE-2020-12403 affects NSS where the CHACHA20-POLY1305 implementation for multi-part ChaCha20 could trigger out-of-bounds reads in versions prior to 3.55. The fix disables multi-part ChaCha20 (which was malfunctioning) and enforces the ChaCha20-Poly1305 tag length, reducing confidentiality and av...

9.1CVSS8.8AI score0.01541EPSS
CVE
CVE
added 2023/12/12 5:2 p.m.294 views

CVE-2023-4421

CVE-2023-4421 concerns the NSS library’s handling of PKCS#1 v1.5 padding, where timing side-channel leakage exposed information about padding validity and message length. This could enable Bleichenbacher-like attacks, allowing an attacker to decrypt previously intercepted PKCS#1 v1.5 ciphertext (...

6.5CVSS6.2AI score0.00628EPSS
CVE
CVE
added 2019/11/15 3:44 p.m.163 views

CVE-2016-5285

CVE-2016-5285 is a NULL pointer dereference in Mozilla NSS caused by a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime. The vulnerability can allow a remote attacker to crash a TLS/SSL server (Denial of Service). Affected context in the provided documents includes NS...

7.5CVSS7.2AI score0.02279EPSS