VulnerableCode Package Details - pkg:rpm/redhat/nspr@4.25.0-2?arch=el8

Search for packages

Vulnerability	Summary	Fixed by
VCID-6fvj-phnx-kfgs Aliases: CVE-2019-17023	After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.	There are no reported fixed by versions.
VCID-7msj-wyd6-zkbe Aliases: CVE-2019-17006	nss: Check length of inputs for cryptographic primitives	There are no reported fixed by versions.
VCID-k2s2-zkua-8ydy Aliases: CVE-2020-12399	NSS has an information disclosure vulnerability when handling DSA keys.	There are no reported fixed by versions.
VCID-n6s1-tsx2-7fee Aliases: CVE-2019-11756	Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service).	There are no reported fixed by versions.
VCID-vjas-pry4-93cz Aliases: CVE-2020-12402	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-6fvj-phnx-kfgs
Aliases:
CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.