The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1951 advisory.

  - nss: NULL pointer dereference in several CMS functions resulting in a denial of service (CVE-2018-18508)

  - nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)

  - nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)

  - nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)

  - nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref     leading to DoS (CVE-2019-17007)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : nss and nspr (RHSA-2019:1951)

high Nessus Plugin ID 127636

Version 1.8