A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
10 May 2022, 15:45
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Not Applicable, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Dec 2021, 19:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* |
|
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-10-20 22:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-25648
Mitre link : CVE-2020-25648
CVE.ORG link : CVE-2020-25648
JSON object : View
Products Affected
redhat
- enterprise_linux
mozilla
- network_security_services
oracle
- communications_offline_mediation_controller
- jd_edwards_enterpriseone_tools
- communications_pricing_design_center
fedoraproject
- fedora
CWE
CWE-770
Allocation of Resources Without Limits or Throttling