PT-2019-5700 · Mozilla+4 · Network Security Services+4

Publicado

2019-03-21

Atualizado

2021-03-05

CVE-2019-17007

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Network Security Services versions prior to 3.44

Description The issue is related to a malformed Netscape Certificate Sequence that can cause Network Security Services to crash, resulting in a denial of service. It is also associated with incorrect certificate authentication. An attacker could exploit this to cause a denial of service remotely.

Recommendations For versions prior to 3.44, update to version 3.44 or later to resolve the issue. As a temporary workaround, consider restricting the processing of Netscape Certificate Sequences to minimize the risk of exploitation.

Exploit

Correção

DoS

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

ALT-PU-2019-1897

ALT-PU-2019-2478

BDU:2021-00100

CESA-2019_1951

CESA-2019_2237

CVE-2019-17007

DLA-2015-1

DLA-2388-1

DSA-4579-1

OESA-2021-1059

RHSA-2019:1951

RHSA-2019:2237

RHSA-2019_1951

RHSA-2019_2237

RHSA-2021:0876

USN-4215-1

Produtos afetados

Alt Linux

Centos

Network Security Services

Red Hat

Ubuntu

PT-2019-5700 · Mozilla+4 · Network Security Services+4

CVE-2019-17007

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26