CVE-2017-7502 Information

Feb 14, 2021 cve

Description

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.debian.org/security/2017/dsa-3872 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/98744 http://www.securitytracker.com/id/1038579 https://access.redhat.com/errata/RHSA-2017:1364 https://access.redhat.com/errata/RHSA-2017:1365 https://access.redhat.com/errata/RHSA-2017:1567 https://access.redhat.com/errata/RHSA-2017:1712 https://hg.mozilla.org/projects/nss/rev/55ea60effd0d

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: