A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20/10/2020
by Oracle
3 months ago
by Mozilla
2 years ago
by Oracle
2 years ago
by Oracle
2 years ago
by Fedoraproject
a month ago
by Redhat
2 months ago