Denial of service in Mozilla NSS library

Published: 2017-05-31 10:31:41
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2017-7502
CVSSv3 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID CWE-476
Exploitation vector Network
Public exploit Not available
Vulnerable software Mozilla NSS
Vulnerable software versions Mozilla NSS 3.28.1
Mozilla NSS 3.28
Mozilla NSS 3.27.2
Vendor URL Mozilla

Security Advisory

1) NULL pointer dereference

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in NSS since 3.24.0 when processing empty SSLv2 messages received from clients. A remote attacker can send a specially crafted request to a vulnerable service and perform a denial of service attack.
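
As an added illustration of this bug class (not NSS source code and not the vendor's patch), the following parser for SSLv2 record framing rejects a zero-length record before anything reads the message body. The names `parse_v2_record`, `v2_record` and the status codes are hypothetical, the sample bytes are constructed, and treating an "empty message" as a zero-length record is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes and record type for this illustration (not NSS names). */
enum rec_status { REC_OK, REC_NEED_MORE, REC_EMPTY, REC_BAD };
struct v2_record {
    const uint8_t *body;   /* stays NULL unless a non-empty body was located */
    size_t len;            /* body length taken from the header */
    uint8_t msg_type;      /* first body byte (handshake message type) */
};

/* Parse one SSLv2-framed record. 2-byte header: high bit of byte 0 set, 15-bit
 * length. 3-byte header: high bit clear, 14-bit length, then a padding byte. */
enum rec_status parse_v2_record(const uint8_t *in, size_t in_len,
                                struct v2_record *out)
{
    size_t hdr, len;
    *out = (struct v2_record){ NULL, 0, 0 };
    if (in == NULL || in_len < 2)
        return REC_NEED_MORE;
    if (in[0] & 0x80) {
        hdr = 2;
        len = ((size_t)(in[0] & 0x7f) << 8) | in[1];
    } else {
        if (in_len < 3)
            return REC_NEED_MORE;
        hdr = 3;
        len = ((size_t)(in[0] & 0x3f) << 8) | in[1];
        if (in[2] > len)
            return REC_BAD;            /* padding longer than the record */
    }
    /* Guard for the empty-message case: there is no body to point at, so
     * stop here instead of letting later code read body[0] through NULL. */
    if (len == 0)
        return REC_EMPTY;
    if (in_len - hdr < len)
        return REC_NEED_MORE;          /* body not fully received yet */
    *out = (struct v2_record){ in + hdr, len, in[hdr] };
    return REC_OK;
}

int main(void)
{
    const uint8_t empty[] = { 0x80, 0x00 };  /* constructed: header only, length 0 */
    struct v2_record r;
    printf("empty record -> status %d\n", (int)parse_v2_record(empty, sizeof empty, &r));
    return 0;
}
```

A caller that checks the returned status never touches `body` for an empty record; the pointer is only set once a non-empty, fully received body has been located.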

Remediation

Install the update from the vendor's repository.

External links

https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
