rpm package
almalinux/nspr
pkg:rpm/almalinux/nspr
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5388 | — | | | < 4.35.0-4.el9_3 | 4.35.0-4.el9_3 | Mar 19, 2024 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. |
| CVE-2023-6135 | — | | | < 4.35.0-6.el9_3 | 4.35.0-6.el9_3 | Dec 19, 2023 | Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. |
| CVE-2023-0767 | — | | | < 4.34.0-17.el9_1 | 4.34.0-17.el9_1 | Jun 2, 2023 | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
| CVE-2020-25648 | — | | | < 4.32.0-1.el8_4 | 4.32.0-1.el8_4 | Oct 20, 2020 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system ava |