CVE-2017-7502

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

7.5HIGH

EPSS

2.1%

top 15.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NSS Project NSS Mozilla Network Security Services

Timeline

PublishedMay 30

Latest updateMay 14

Description

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDmozilla/network_security_services18 versions+17

▶Debiannss< 2:3.26.2-1.1+3

▶CVEListV5nss_project/nsssince 3.24.0

Patches

Patch: hg.mozilla.org ↗Patch: hg.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-97vv-2xv8-266j: Null pointer dereference vulnerability in NSS since 3↗2022-05-14

▶

CVEList

CVE-2017-7502: Null pointer dereference vulnerability in NSS since 3↗2017-05-30

▶

OSV

CVE-2017-7502: Null pointer dereference vulnerability in NSS since 3↗2017-05-30

▶

📋Vendor Advisories

Ubuntu

NSS vulnerability↗2017-07-31

▶

Ubuntu

NSS vulnerability↗2017-06-21

▶

Red Hat

nss: Null pointer dereference when handling empty SSLv2 messages↗2017-05-30

▶

Debian

CVE-2017-7502: nss - Null pointer dereference vulnerability in NSS since 3.24.0 was found when server...↗2017

▶

💬Community

Bugzilla

CVE-2017-7502 nss: Null pointer dereference when handling empty SSLv2 messages↗2017-04-28

▶