In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Mozilla
  • Network Security Services
Siemens
  • Ruggedcom Rox Mx5000 Firmware
  • Ruggedcom Rox Rx5000 Firmware
  • Ruggedcom Rox Rx1500
  • Ruggedcom Rox Rx1400 Firmware
  • Ruggedcom Rox Rx1511
  • Ruggedcom Rox Rx1500 Firmware
  • Ruggedcom Rox Rx1400
  • Ruggedcom Rox Rx1510
  • Ruggedcom Rox Rx1512
  • Ruggedcom Rox Rx5000
  • Ruggedcom Rox Rx1510 Firmware
  • Ruggedcom Rox Rx1512 Firmware
  • Ruggedcom Rox Mx5000
  • Ruggedcom Rox Rx1501
  • Ruggedcom Rox Rx1511 Firmware
  • Ruggedcom Rox Rx1501 Firmware

Configuration 1 [-]

cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*
References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 Exploit Issue Tracking Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf Third Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes Release Notes Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2020-10-22T20:28:17

Updated: 2021-02-12T06:00:05

Reserved: 2019-09-30T00:00:00

Link: CVE-2019-17007

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-10-22T21:15:12.637

Modified: 2021-02-19T16:58:55.290

Link: CVE-2019-17007

JSON object: View

cve-icon Redhat Information

No data.

CWE