What is CVE-2019-17006?

CVE-2019-17006 is a vulnerability in Mozilla Nss. Published 2020-10-22.

Is CVE-2019-17006 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Nss

CVE-2019-17006

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a…

EPSS: 0.030 (86.9th percentile) — read the EPSS interpretation.

Affected products

Mozilla Nss — versions unspecified

Public proof-of-concept exploits

References

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes (x_refsource_MISC)
bugzilla.mozilla.org/show_bug.cgi (x_refsource_MISC)
security.netapp.com/advisory/ntap-20210129-0001/ (x_refsource_CONFIRM)
cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf (x_refsource_CONFIRM)
us-cert.cisa.gov/ics/advisories/icsa-21-040-04 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-17006?: CVE-2019-17006 is a vulnerability in Mozilla Nss. Published 2020-10-22.
Is CVE-2019-17006 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.