vulnerability
Oracle Linux: CVE-2019-17006: ELSA-2020-4076: nss and nspr security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | Dec 26, 2019 | Aug 5, 2020 | Dec 6, 2024 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
Dec 26, 2019
Added
Aug 5, 2020
Modified
Dec 6, 2024
Description
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability.
A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability.
Solution(s)
oracle-linux-upgrade-nsproracle-linux-upgrade-nspr-develoracle-linux-upgrade-nssoracle-linux-upgrade-nss-develoracle-linux-upgrade-nss-pkcs11-develoracle-linux-upgrade-nss-softoknoracle-linux-upgrade-nss-softokn-develoracle-linux-upgrade-nss-softokn-freebloracle-linux-upgrade-nss-softokn-freebl-develoracle-linux-upgrade-nss-sysinitoracle-linux-upgrade-nss-toolsoracle-linux-upgrade-nss-utiloracle-linux-upgrade-nss-util-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.