Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mozilla
  • Network Security Services
Redhat
  • Container Development Kit
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:mozilla:network_security_services:3.24.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.25.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.25.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.26.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.26.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.27.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.27.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.27.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.28.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.28.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.28.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.28.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.29.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.29.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.29.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.29.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.30.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.30.1:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Container Development Kit 3.0
cpe:/a:redhat:container_development_kit:3.0 RHSA-2017:1567 2017-06-21T00:00:00Z
Red Hat Enterprise Linux 6
nss-0:3.28.4-3.el6_9 cpe:/o:redhat:enterprise_linux:6 RHSA-2017:1364 2017-05-30T00:00:00Z
Red Hat Enterprise Linux 7
nss-0:3.28.4-1.2.el7_3 cpe:/o:redhat:enterprise_linux:7 RHSA-2017:1365 2017-05-30T00:00:00Z
References
Link Providers
http://www.debian.org/security/2017/dsa-3872 cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html cve-icon cve-icon
http://www.securityfocus.com/bid/98744 cve-icon cve-icon
http://www.securitytracker.com/id/1038579 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1364 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1365 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1567 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1712 cve-icon cve-icon
https://hg.mozilla.org/projects/nss/rev/55ea60effd0d cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-7502 cve-icon
https://www.cve.org/CVERecord?id=CVE-2017-7502 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-05-30T18:00:00

Updated: 2024-08-05T16:04:11.874Z

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7502

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-05-30T18:29:00.237

Modified: 2023-02-12T23:30:14.770

Link: CVE-2017-7502

cve-icon Redhat

Severity : Important

Publid Date: 2017-05-30T00:00:00Z

Links: CVE-2017-7502 - Bugzilla