Denial Of Service (DoS)

2019-01-1509:11:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.077 Low

EPSS

Percentile

94.2%

JSON

nss is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

CPENameOperatorVersion
nspreq4.7.0.99.2__1.el5
nspreq4.8.8__2.el5
nspreq4.6.5__1.0.1.el5
nspreq4.9.5__1.el5_9
nspreq4.9.1__4.el5_8
nspreq4.6.5__3.el5
nspreq4.7.3__2.el5
nspreq4.10.2__2.el5_10
nspreq4.7.6__1.el5_4
nspreq4.7.4__1.el5_3.1

Name	Operator	Version
nspr	eq	4.7.0.99.2__1.el5
nspr	eq	4.8.8__2.el5
nspr	eq	4.6.5__1.0.1.el5
nspr	eq	4.9.5__1.el5_9
nspr	eq	4.9.1__4.el5_8
nspr	eq	4.6.5__3.el5
nspr	eq	4.7.3__2.el5
nspr	eq	4.10.2__2.el5_10
nspr	eq	4.7.6__1.el5_4
nspr	eq	4.7.4__1.el5_3.1