← Back

CVE-2020-25648

nvd nist
Published: Oct 20, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Affected (9)

Show all products
Mozilla: Network Security Services · Redhat: Enterprise Linux · Fedoraproject: Fedora · Oracle: Communications Offline Mediation Controller, Communications Pricing Design Center, Jd Edwards Enterpriseone Tools
Mozilla
1 product
Network Security Services
Redhat
1 product
Enterprise Linux
Fedoraproject
1 product
Fedora
Oracle
3 products
Communications Offline Mediation Controller
Communications Pricing Design Center
Jd Edwards Enterpriseone Tools
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Network Security Services
Before 3.58
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 31
Fedora
Version 32
Fedora
Version 33
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Communications Offline Mediation Controller
Version 12.0.0.3.0
Communications Pricing Design Center
Version 12.0.0.3.0
Jd Edwards Enterpriseone Tools
Before 9.2.6.0

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (20)

Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Not ApplicableThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not ApplicableThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.