CVE-2019-17006
Published 2020-10-22
Critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nss | < nss 2:3.47-1 (bookworm) | nss 2:3.47-1 (bookworm) |
| mozilla | network_security_services | < 3.46 | 3.46 |
| mozilla | nss | >= 0 < 2:3.47-1 | 2:3.47-1 |
| mozilla | nss | >= 0 < 2:3.47-1 | 2:3.47-1 |
| mozilla | nss | >= 0 < 2:3.47-1 | 2:3.47-1 |
| mozilla | nss | >= 0 < 2:3.47-1 | 2:3.47-1 |
| mozilla | nss | >= unspecified < 3.46 | 3.46 |
| paloalto | pan-os | — | — |
| siemens | ruggedcom_rox_mx5000_firmware | < 2.14.0 | 2.14.0 |
| siemens | ruggedcom_rox_rx1400_firmware | < 2.14.0 | 2.14.0 |
| siemens | ruggedcom_rox_rx1500_firmware | < 2.14.0 | 2.14.0 |
| siemens | ruggedcom_rox_rx1501_firmware | < 2.14.0 | 2.14.0 |
| siemens | ruggedcom_rox_rx1510_firmware | < 2.14.0 | 2.14.0 |
| siemens | ruggedcom_rox_rx1511_firmware | < 2.14.0 | 2.14.0 |
| siemens | ruggedcom_rox_rx1512_firmware | < 2.14.0 | 2.14.0 |
| siemens | ruggedcom_rox_rx5000_firmware | < 2.14.0 | 2.14.0 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL