Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-25648

Опубликовано: 20 окт. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

РелизСтатусПримечание
bionic

released

2:3.35-2ubuntu2.14
devel

not-affected

3.61-1ubuntu2
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

2:3.35-2ubuntu2.14
esm-infra/focal

not-affected

2:3.49.1-1ubuntu1.7
esm-infra/xenial

not-affected

code not present
focal

released

2:3.49.1-1ubuntu1.7
groovy

ignored

end of life
hirsute

not-affected

3.61-1ubuntu2
impish

not-affected

3.61-1ubuntu2

Показывать по

Ссылки на источники

EPSS

Процентиль: 32%
0.00123
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-25648

CVSS3: 7.5
redhat
почти 5 лет назад

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

nvd логотип

CVE-2020-25648

CVSS3: 7.5
nvd
почти 5 лет назад

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

debian логотип

CVE-2020-25648

CVSS3: 7.5
debian
почти 5 лет назад

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...

rocky логотип

RLSA-2021:3572

rocky
почти 4 года назад

Moderate: nss and nspr security, bug fix, and enhancement update

github логотип

GHSA-43j5-76vw-pq2j

CVSS3: 7.5
github
около 3 лет назад

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

EPSS

Процентиль: 32%
0.00123
Низкий

5 Medium

CVSS2

7.5 High

CVSS3