CVE-2016-9574

CWE-325CWE-3847 documents7 sources
Severity
5.9MEDIUM
EPSS
0.2%
top 59.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Network Security Services[unknown] NSS
Timeline
PublishedJul 19
Latest updateMay 13

Description

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

Debiannss< 2:3.25-1+3
CVEListV5[unknown]/nssnss 3.30

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

3
GHSA
GHSA-jq9g-rw6w-4vhv: nss before version 32022-05-13
OSV
CVE-2016-9574: nss before version 32018-07-19
CVEList
CVE-2016-9574: nss before version 32018-07-19

📋Vendor Advisories

2
Red Hat
nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA2016-11-28
Debian
CVE-2016-9574: nss - nss before version 3.30 is vulnerable to a remote denial of service during the s...2016

💬Community

1
Bugzilla
CVE-2016-9574 nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA2016-12-14