rpm package
almalinux/nss
pkg:rpm/almalinux/nss
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5388 | — | | | < 3.90.0-4.el8_9 | 3.90.0-4.el8_9 | Mar 19, 2024 | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. |
| CVE-2023-6135 | — | | | < 3.90.0-6.el8_9 | 3.90.0-6.el8_9 | Dec 19, 2023 | Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. |
| CVE-2023-0767 | — | | | < 3.79.0-11.el8_7 | 3.79.0-11.el8_7 | Jun 2, 2023 | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
| CVE-2021-43527 | — | | | < 3.67.0-7.el8_5 | 3.67.0-7.el8_5 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. |
| CVE-2020-25648 | — | | | < 3.67.0-6.el8_4 | 3.67.0-6.el8_4 | Oct 20, 2020 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system ava |