CVE-2017-7502

Published: May 30, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

Affected (18)

Products: Mozilla: Network Security Services

1 product

Network Security Services

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Mozilla Network Security Services	Version 3.24.0
Mozilla Network Security Services	Version 3.25.0
Mozilla Network Security Services	Version 3.25.1
Mozilla Network Security Services	Version 3.26.0
Mozilla Network Security Services	Version 3.26.2
Mozilla Network Security Services	Version 3.27.0
Mozilla Network Security Services	Version 3.27.1
Mozilla Network Security Services	Version 3.27.2
Mozilla Network Security Services	Version 3.28.0
Mozilla Network Security Services	Version 3.28.1
Mozilla Network Security Services	Version 3.28.2
Mozilla Network Security Services	Version 3.28.3
Mozilla Network Security Services	Version 3.29.0
Mozilla Network Security Services	Version 3.29.1
Mozilla Network Security Services	Version 3.29.2
Mozilla Network Security Services	Version 3.29.3
Mozilla Network Security Services	Version 3.30.0
Mozilla Network Security Services	Version 3.30.1

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (18)

http://www.debian.org/security/2017/dsa-3872

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/98744

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038579

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:1364

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:1365

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:1567

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2017:1712

Source: secalert@redhat.com

https://hg.mozilla.org/projects/nss/rev/55ea60effd0d

Source: secalert@redhat.com

Patch

http://www.debian.org/security/2017/dsa-3872

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/98744

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038579

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:1364

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:1365

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:1567

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:1712

Source: af854a3a-2127-422b-91ae-364da2661108

https://hg.mozilla.org/projects/nss/rev/55ea60effd0d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.