CVE-2017-7502

high

Description

A null pointer dereference vulnerability was found in NSS since 3.24.0: when a server receives empty SSLv2 messages, the dereference results in a denial of service by a remote attacker.

References

http://www.debian.org/security/2017/dsa-3872

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/98744

http://www.securitytracker.com/id/1038579

https://access.redhat.com/errata/RHSA-2017:1364

https://access.redhat.com/errata/RHSA-2017:1365

https://access.redhat.com/errata/RHSA-2017:1567

https://access.redhat.com/errata/RHSA-2017:1712

https://hg.mozilla.org/projects/nss/rev/55ea60effd0d

Details

Source: MITRE

Published: 2017-05-30

Updated: 2018-01-05

Type: CWE-476

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127337 | NewStart CGSL MAIN 4.05 : nss Multiple Vulnerabilities (NS-SA-2019-0105) | Nessus | NewStart CGSL Local Security Checks | critical |
| 101476 | Virtuozzo 7 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-1365) | Nessus | Virtuozzo Local Security Checks | high |
| 101475 | Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-1364) | Nessus | Virtuozzo Local Security Checks | high |
| 101001 | Amazon Linux AMI : nss (ALAS-2017-848) | Nessus | Amazon Linux Local Security Checks | high |
| 100988 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : nss vulnerability (USN-3336-1) | Nessus | Ubuntu Local Security Checks | high |
| 100702 | EulerOS 2.0 SP2 : nss (EulerOS-SA-2017-1109) | Nessus | Huawei Local Security Checks | high |
| 100701 | EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1108) | Nessus | Huawei Local Security Checks | high |
| 100580 | Debian DSA-3872-1 : nss - security update | Nessus | Debian Local Security Checks | critical |
| 100559 | Debian DLA-971-1 : nss security update | Nessus | Debian Local Security Checks | high |
| 100556 | CentOS 7 : nss (CESA-2017:1365) | Nessus | CentOS Local Security Checks | high |
| 100555 | CentOS 6 : nss (CESA-2017:1364) | Nessus | CentOS Local Security Checks | high |
| 100536 | Scientific Linux Security Update : nss on SL7.x x86_64 (20170530) | Nessus | Scientific Linux Local Security Checks | high |
| 100535 | Scientific Linux Security Update : nss on SL6.x i386/x86_64 (20170530) | Nessus | Scientific Linux Local Security Checks | high |
| 100532 | RHEL 7 : nss (RHSA-2017:1365) | Nessus | Red Hat Local Security Checks | high |
| 100531 | RHEL 6 : nss (RHSA-2017:1364) | Nessus | Red Hat Local Security Checks | high |
| 100526 | Oracle Linux 7 : nss (ELSA-2017-1365) | Nessus | Oracle Linux Local Security Checks | high |
| 100525 | Oracle Linux 6 : nss (ELSA-2017-1364) | Nessus | Oracle Linux Local Security Checks | high |