Denial Of Service (DoS)

2019-01-1509:17:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

nss is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

CPENameOperatorVersion
nsseq3.15.1__15.el6
nsseq3.12.8__1.el6_0
nsseq3.13.3__6.el6
nsseq3.13.3__8.el6
nsseq3.15.3__3.el6_5
nsseq3.14.3__4.el6_4
nsseq3.16.1__7.el6_5
nsseq3.19.1__3.el6_6
nsseq3.14.0.0__12.el6
nsseq3.16.1__4.el6_5

Name	Operator	Version
nss	eq	3.15.1__15.el6
nss	eq	3.12.8__1.el6_0
nss	eq	3.13.3__6.el6
nss	eq	3.13.3__8.el6
nss	eq	3.15.3__3.el6_5
nss	eq	3.14.3__4.el6_4
nss	eq	3.16.1__7.el6_5
nss	eq	3.19.1__3.el6_6
nss	eq	3.14.0.0__12.el6
nss	eq	3.16.1__4.el6_5