A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00192}

epss

{'score': 0.00191}


cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2024-08-04T11:56:51.720Z

Reserved: 2020-04-28T00:00:00

Link: CVE-2020-12403

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-27T19:15:07.953

Modified: 2024-11-21T04:59:38.987

Link: CVE-2020-12403

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-07-27T00:00:00Z

Links: CVE-2020-12403 - Bugzilla

cve-icon OpenCVE Enrichment

No data.