CVE-2019-17023

EUVD-2019-7497
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol version than TLS 1.3, resulting in an invalid state transition in the TLS state machine. If the client gets into this state, incoming Application Data records are ignored. This vulnerability affects Firefox < 72. The flaw lies in NSS, the TLS library Firefox uses, which is why the distribution tables below track both the firefox and the nss packages.
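The state-machine problem the description refers to, as a simplified model (an added illustration, not NSS or Firefox code). A HelloRetryRequest (HRR) is a TLS 1.3-only message, and RFC 8446 requires a client to abort with illegal_parameter when the ServerHello selects a version below TLS 1.3, so a TLS 1.2 ServerHello arriving after an HRR is never a legal transition. The lenient client (strict=False) models the behaviour described: it accepts the downgrade, lands in a state that has no handler for Application Data, and silently drops those records. The State and Message names and the run_* helpers are this example's own.

```python
"""Toy TLS 1.3 client state machine for the HRR-then-downgrade case.
Added illustration, not NSS or Firefox code."""
from dataclasses import dataclass, field
from enum import Enum, auto

TLS12, TLS13 = 0x0303, 0x0304


class State(Enum):
    WAIT_SH = auto()            # ClientHello sent, expecting ServerHello or HRR
    WAIT_SH_AFTER_HRR = auto()  # HRR received, second ClientHello sent
    CONNECTED_13 = auto()
    CONNECTED_12 = auto()       # ordinary TLS 1.2 negotiation, no HRR involved
    INVALID = auto()            # the state the lenient client falls into
    ABORTED = auto()


@dataclass
class Message:
    kind: str         # "HRR", "ServerHello" or "AppData"
    version: int = 0  # selected version, only meaningful for ServerHello


@dataclass
class Client:
    strict: bool                 # True: RFC-conformant; False: lenient (the bug)
    state: State = State.WAIT_SH
    alerts: list = field(default_factory=list)
    app_data: list = field(default_factory=list)

    def _abort(self, alert: str) -> None:
        self.alerts.append(alert)
        self.state = State.ABORTED

    def handle(self, msg: Message) -> State:
        if msg.kind == "HRR":
            if self.state is State.WAIT_SH:
                self.state = State.WAIT_SH_AFTER_HRR
            else:
                # a second HRR, or one in any other state, is unexpected_message
                self._abort("unexpected_message")
        elif msg.kind == "ServerHello":
            if self.state is State.WAIT_SH:
                self.state = (State.CONNECTED_13 if msg.version == TLS13
                              else State.CONNECTED_12)
            elif self.state is State.WAIT_SH_AFTER_HRR:
                if msg.version == TLS13:
                    self.state = State.CONNECTED_13
                elif self.strict:
                    # the HRR committed both sides to TLS 1.3; a lower version
                    # is rejected with illegal_parameter (RFC 8446 section 4.2.1)
                    self._abort("illegal_parameter")
                else:
                    # lenient: accept the downgrade and enter a state the
                    # machine has no Application Data handler for
                    self.state = State.INVALID
            else:
                self._abort("unexpected_message")
        elif msg.kind == "AppData":
            if self.state in (State.CONNECTED_13, State.CONNECTED_12):
                self.app_data.append(msg)
            # in INVALID (or ABORTED) the record is silently ignored
        return self.state


def run_downgrade_after_hrr(strict: bool) -> Client:
    """Replay HRR -> TLS 1.2 ServerHello -> Application Data (constructed input)."""
    client = Client(strict=strict)
    for msg in (Message("HRR"), Message("ServerHello", TLS12), Message("AppData")):
        client.handle(msg)
    return client


def run_plain_tls12() -> Client:
    """Control case: a TLS 1.2 ServerHello with no HRR beforehand is accepted."""
    client = Client(strict=True)
    client.handle(Message("ServerHello", TLS12))
    client.handle(Message("AppData"))
    return client
```

The model deliberately keeps the legitimate TLS 1.2 path: the bug is not that TLS 1.2 is negotiable, but that it became negotiable from a state that only TLS 1.3 can reach.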
CVSS 3.x Base Score
Provider   Type      Base Score   Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST       Primary   6.5 MEDIUM   NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vector decoded: reachable over the network with low complexity and no privileges, but user interaction is required (UI:R), scope is unchanged, and the impact is rated on integrity only (C:N/I:H/A:N).
EPSS Score
Percentile: 75%
Affected Products (NVD)
Vendor      Product        Version
mozilla     firefox        𝑥  < 72.0
canonical   ubuntu_linux   16.04
canonical   ubuntu_linux   18.04
canonical   ubuntu_linux   19.04
canonical   ubuntu_linux   19.10
canonical   ubuntu_linux   20.04
debian      debian_linux   10.0
𝑥 = vulnerable software versions. Only the firefox entry carries the marker; the Ubuntu and Debian rows are the platform CPEs from the NVD configuration, not products flagged vulnerable in their own right.
Debian Releases
Product   Codename              Version             Status
firefox   jessie                                    not-affected
firefox   sid                   132.0.1-1           fixed
firefox   stretch                                   not-affected
nss       bookworm              2:3.87.1-1          fixed
nss       bullseye              2:3.61-1+deb11u3    fixed
nss       bullseye (security)   2:3.61-1+deb11u4    fixed
nss       jessie                                    not-affected
nss       sid                   2:3.105-2           fixed
nss       stretch                                   not-affected
nss       trixie                2:3.105-2           fixed
The version in a "fixed" row is the package version present in that suite (firefox 132.0.1-1 in sid is far beyond the first fixed release), so read it as "this suite ships a fixed package", not as the minimum patched version.
Ubuntu Releases
Product   Codename   Status         Fixed Version
firefox   bionic     released       72.0.1+build1-0ubuntu0.18.04.1
firefox   disco      released       72.0.1+build1-0ubuntu0.19.04.1
firefox   eoan       released       72.0.1+build1-0ubuntu0.19.10.1
firefox   focal      released       72.0.1+build1-0ubuntu1
firefox   trusty     dne
firefox   xenial     released       72.0.1+build1-0ubuntu0.16.04.1
nss       bionic     released       2:3.35-2ubuntu2.8
nss       disco      ignored
nss       eoan       released       2:3.45-1ubuntu2.3
nss       focal      not-affected
nss       trusty     not-affected
nss       xenial     not-affected
Status values: released = fix published in the listed version; dne = the package does not exist in that release; ignored = no fix will be issued for that release; not-affected = the release's package does not contain the flaw.
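Checking an installed package against the fixed versions in the Debian and Ubuntu tables above needs dpkg's version ordering rather than a string comparison: "2:3.105-2" is lexicographically smaller than "2:3.87.1-1" but is the newer package. The following Python port of dpkg's comparison algorithm (epoch, then upstream, then revision, alternating non-digit and numeric runs, with "~" sorting before everything) is an added example, not code from this page, Debian or Ubuntu. FIXED reproduces a few of the fixed versions listed above, and is_fixed is a hypothetical helper name.

```python
"""Port of dpkg's version comparison for checking installed packages against
the fixed versions on this page.  Added example, not dpkg's own code."""


def _isdigit(c: str) -> bool:
    return "0" <= c <= "9"


def _order(c: str) -> int:
    """dpkg's ordering for non-digit characters: '~' sorts before everything
    (even end of string), letters before non-letters."""
    if not c or _isdigit(c):
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare one component (upstream or revision) the dpkg way: alternate
    non-digit runs (character order) and digit runs (numeric value)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _isdigit(a[i]) and j < len(b) and _isdigit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _isdigit(a[i]):
            return 1      # a's digit run is longer, so numerically larger
        if j < len(b) and _isdigit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str):
    """Split 'epoch:upstream-revision'; epoch and revision are optional."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:                       # no '-' at all: everything is upstream
        upstream, revision = v, ""
    return epoch, upstream, revision


def dpkg_compare(a: str, b: str) -> int:
    """-1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


# A few of the fixed versions from the Debian and Ubuntu tables on this page.
FIXED = {
    ("debian", "bullseye", "nss"): "2:3.61-1+deb11u3",
    ("debian", "bookworm", "nss"): "2:3.87.1-1",
    ("debian", "sid", "nss"): "2:3.105-2",
    ("ubuntu", "bionic", "firefox"): "72.0.1+build1-0ubuntu0.18.04.1",
    ("ubuntu", "bionic", "nss"): "2:3.35-2ubuntu2.8",
}


def is_fixed(distro: str, codename: str, package: str, installed: str):
    """True if installed is at or past the listed fix, False if older, and
    None when the table gives no fixed version for that combination
    (hypothetical helper; the page's 'not-affected' and 'dne' rows fall there)."""
    fixed = FIXED.get((distro, codename, package))
    if fixed is None:
        return None
    return dpkg_compare(installed, fixed) >= 0
```

On a real host the installed string comes from `dpkg-query -W -f '${Version}' nss` (or libnss3) and is passed as the installed argument; where dpkg itself is available, `dpkg --compare-versions` gives the authoritative answer and this port is only a convenience for offline inventories.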