CVE-2020-12403

Published: May 27, 2021Modified: Jun 17, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Affected (1)

Products: Mozilla: Nss

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Nss	Before 3.55

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1868931

Source: security@mozilla.org

Issue TrackingPatchThird Party Advisory

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes

Source: security@mozilla.org

Release NotesVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html

Source: security@mozilla.org

https://security.netapp.com/advisory/ntap-20230324-0006/

Source: security@mozilla.org

https://bugzilla.redhat.com/show_bug.cgi?id=1868931

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20230324-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.