CVE-2017-7502

EUVD-2017-16519
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
mozillanetwork_security_services
3.24.0
mozillanetwork_security_services
3.25.0
mozillanetwork_security_services
3.25.1
mozillanetwork_security_services
3.26.0
mozillanetwork_security_services
3.26.2
mozillanetwork_security_services
3.27.0
mozillanetwork_security_services
3.27.1
mozillanetwork_security_services
3.27.2
mozillanetwork_security_services
3.28.0
mozillanetwork_security_services
3.28.1
mozillanetwork_security_services
3.28.2
mozillanetwork_security_services
3.28.3
mozillanetwork_security_services
3.29.0
mozillanetwork_security_services
3.29.1
mozillanetwork_security_services
3.29.2
mozillanetwork_security_services
3.29.3
mozillanetwork_security_services
3.30.0
mozillanetwork_security_services
3.30.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bookworm
2:3.87.1-1
fixed
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
sid
2:3.105-2
fixed
trixie
2:3.105-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nss
trusty
Fixed 2:3.28.4-0ubuntu0.14.04.2
released
xenial
Fixed 2:3.28.4-0ubuntu0.16.04.2
released
yakkety
Fixed 2:3.28.4-0ubuntu0.16.10.2
released
zesty
Fixed 2:3.28.4-0ubuntu0.17.04.2
released
Common Weakness Enumeration
References
http://www.debian.org/security/2017/dsa-3872
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/98744
http://www.securitytracker.com/id/1038579
https://access.redhat.com/errata/RHSA-2017:1364
https://access.redhat.com/errata/RHSA-2017:1365
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
http://www.debian.org/security/2017/dsa-3872
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/98744
http://www.securitytracker.com/id/1038579
https://access.redhat.com/errata/RHSA-2017:1364
https://access.redhat.com/errata/RHSA-2017:1365
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://hg.mozilla.org/projects/nss/rev/55ea60effd0d