PT-2020-6471 · Mozilla+8 · Nss+8

Published: 2020-10-19 · Updated: 2024-06-15 · CVE-2020-25648

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

NSS versions prior to 3.58

Description

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3, allowing a remote attacker to send multiple CCS messages and cause a denial of service for servers compiled with the NSS library. The highest threat from this issue is to system availability.

Recommendations

For versions prior to 3.58, update to version 3.58 or later to resolve the issue. As a temporary workaround, consider restricting access to TLS 1.3 connections to minimize the risk of exploitation.

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2021:3572
ALT-PU-2020-3119
ALT-PU-2021-1367
ALT-PU-2022-1779
BDU:2021-05184
CESA-2021_3572
CVE-2020-25648
DLA-3634-1
MGASA-2020-0395
OESA-2021-1115
OESA-2021-1116
OPENSUSE-SU-2024:11058-1
RHSA-2021:1384
RHSA-2021:3572
RHSA-2021_1384
RHSA-2021_3572
RLSA-2021:3572
SUSE-RU-2021:14818-1
SUSE-RU-2021:3115-1
SUSE-RU-2021:3115-2
SUSE-RU-2021:3116-1
USN-5410-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Nss
Red Hat
Rocky Linux
Ubuntu