QwikSec

Security Database

CVE

CWE

Training

CVE-2020-25648

Published: Oct 20, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Vendor	Product	Versions
n/a	nss	affected `nss versions before 3.58`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1887319

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes

FEDORA-2020-f29254bd5e

vendor-advisory

FEDORA-2020-bb91bf9b8e

vendor-advisory

FEDORA-2020-a857113c7a

vendor-advisory

[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar

mailing-list

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/security-alerts/cpuapr2022.html

[debian-lts-announce] 20231028 [SECURITY] [DLA 3634-1] nss security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.