Unrated severityNVD Advisory· Published Apr 29, 2019· Updated Aug 5, 2024

CVE-2018-12384

Description

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.

Affected products

osv-coords51 versions
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/mozilla-nss&distro=SUSE%20OpenStack%20Cloud%207
< 60.4.0esr-109.55.1+ 50 more
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0-3.21.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 60.4.0esr-109.55.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-3.3.2
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 4.20-19.6.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-3.7.2
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
- (no CPE)range: < 3.40.1-58.18.1
Nss/Network Security Services (nss)v5
Range: All versions prior to NSS 3.39

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cgimitrex_refsource_CONFIRM
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000