Описание
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
Меры по смягчению последствий
This issue only affects applications compiled against NSS which use CMS (Cryptographic Message Syntax) API. Other applications are not affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | nss | Will not fix | ||
| Red Hat Enterprise Linux 6 | nss | Will not fix | ||
| Red Hat Enterprise Linux 7 | nss | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-nss | Will not fix | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Will not fix | ||
| Red Hat Virtualization 4 | rhvm-appliance | Will not fix | ||
| Red Hat Enterprise Linux 8 | nspr | Fixed | RHSA-2019:1951 | 30.07.2019 |
| Red Hat Enterprise Linux 8 | nss | Fixed | RHSA-2019:1951 | 30.07.2019 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a ...
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
Уязвимость компонента Сertificate Management Server набора библиотек Network Security Services, позволяющая нарушителю вызвать отказ в обслуживании
6.5 Medium
CVSS3