Описание
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:3.35-2ubuntu2.12 |
| devel | released | 2:3.55-1ubuntu1 |
| esm-infra-legacy/trusty | released | 2:3.28.4-0ubuntu0.14.04.5+esm8 |
| esm-infra/bionic | released | 2:3.35-2ubuntu2.12 |
| esm-infra/focal | released | 2:3.49.1-1ubuntu1.5 |
| esm-infra/xenial | released | 2:3.28.4-0ubuntu0.16.04.14 |
| focal | released | 2:3.49.1-1ubuntu1.5 |
| precise/esm | not-affected | 2:3.28.4-0ubuntu0.12.04.11 |
| trusty | ignored | end of standard support |
| trusty/esm | released | 2:3.28.4-0ubuntu0.14.04.5+esm8 |
Показывать по
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20 it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3