Описание
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | nss_compat_ossl | Will not fix | ||
| Red Hat Enterprise Linux 7 | nss_compat_ossl | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1238326nss_compat_ossl: incorrect multi-keyword mode cipherstring parsing
EPSS
Процентиль: 62%
0.00422
Низкий
4.3 Medium
CVSS2
Связанные уязвимости
CVSS3: 9.8
nvd
больше 8 лет назад
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.
CVSS3: 9.8
github
больше 3 лет назад
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors.
EPSS
Процентиль: 62%
0.00422
Низкий
4.3 Medium
CVSS2