Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-17023

Опубликовано: 08 янв. 2020
Источник: redhat
CVSS3: 5.3

Описание

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.

Отчет

This flaw causes the client to hang when there is a downgrade attempt. Therefore no actual protocol downgrade occurs.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5nssOut of support scope
Red Hat Enterprise Linux 6nssOut of support scope
Red Hat Enterprise Linux 7nsprFixedRHSA-2020:407629.09.2020
Red Hat Enterprise Linux 7nssFixedRHSA-2020:407629.09.2020
Red Hat Enterprise Linux 7nss-softoknFixedRHSA-2020:407629.09.2020
Red Hat Enterprise Linux 7nss-utilFixedRHSA-2020:407629.09.2020
Red Hat Enterprise Linux 8nsprFixedRHSA-2020:328003.08.2020
Red Hat Enterprise Linux 8nssFixedRHSA-2020:328003.08.2020
Red Hat OpenShift Doopenshiftdo/odo-init-image-rhel7FixedRHSA-2021:094922.03.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1791225nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-17023

CVSS3: 6.5
ubuntu
почти 6 лет назад

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

nvd логотип

CVE-2019-17023

CVSS3: 6.5
nvd
почти 6 лет назад

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

debian логотип

CVE-2019-17023

CVSS3: 6.5
debian
почти 6 лет назад

After a HelloRetryRequest has been sent, the client may negotiate a lo ...

github логотип

GHSA-86rq-87v9-7ppc

CVSS3: 6.5
github
больше 3 лет назад

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

fstec логотип

BDU:2020-01970

CVSS3: 6.5
fstec
около 6 лет назад

Уязвимость расширения HelloRetryRequest браузера Firefox, позволяющая нарушителю оказать воздействие на целостность данных

5.3 Medium

CVSS3