Vulnerability in Mozilla Nss
CVE-2019-17007
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
EPSS: 0.003 (51.0th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Nss — versions unspecified
Public proof-of-concept exploits
References
- developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes (x_refsource_MISC)
- bugzilla.mozilla.org/show_bug.cgi (x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf (x_refsource_CONFIRM)
- us-cert.cisa.gov/ics/advisories/icsa-21-040-04 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-17007?
- CVE-2019-17007 is a vulnerability in Mozilla Nss. Published 2020-10-22.
- Is CVE-2019-17007 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.