purl: pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3
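The purl above pins one Debian package version; the version component is percent-encoded, so `%2B` reads as `+`. Deciding whether an installed nss is older than, equal to, or newer than a version like this one has to follow dpkg's ordering (epoch first, then upstream version, then Debian revision, with `~` sorting before everything, including the empty string). The block below is an added example, not code from VulnerableCode or Debian: it decodes the purl version and re-implements dpkg's `verrevcmp()` in pure Python. The version strings it is exercised with are constructed for illustration.

```python
from urllib.parse import unquote


def purl_version(purl: str) -> str:
    """Return the percent-decoded version of a purl.

    pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3 -> 2:3.61-1+deb11u3
    Qualifiers (?...) and subpath (#...) are stripped before splitting.
    """
    body = purl.split("?", 1)[0].split("#", 1)[0]
    if "@" not in body:
        raise ValueError("purl carries no version: " + purl)
    return unquote(body.rsplit("@", 1)[1])


def _is_digit(c: str) -> bool:
    return c != "" and c in "0123456789"


def _order(c: str) -> int:
    """dpkg character weight: '~' < end-of-string/digit < letters < other symbols."""
    if c == "~":
        return -1
    if c == "" or _is_digit(c):
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Port of dpkg's verrevcmp(): alternate non-digit runs and numeric runs."""
    while a or b:
        first_diff = 0
        # Non-digit run: compare character by character using _order().
        while (a and not _is_digit(a[0])) or (b and not _is_digit(b[0])):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        # Digit run: leading zeros are insignificant, longer run wins.
        a, b = a.lstrip("0"), b.lstrip("0")
        while _is_digit(a[:1]) and _is_digit(b[:1]):
            if not first_diff:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if _is_digit(a[:1]):
            return 1
        if _is_digit(b[:1]):
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version: str):
    """Split a Debian version into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def deb_version_compare(a: str, b: str) -> int:
    """Negative, zero or positive, like dpkg --compare-versions lt/eq/gt."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return ea - eb
    result = _verrevcmp(ua, ub)
    if result:
        return result
    return _verrevcmp(ra, rb)


def is_older_than(installed: str, reference: str) -> bool:
    """True when the installed version sorts strictly before the reference."""
    return deb_version_compare(installed, reference) < 0
```

Use `is_older_than(installed, purl_version(purl))` against the version that an advisory names as the fix; note that `2:3.61-1` sorts before `2:3.61-1+deb11u3` (the `+deb11u3` suffix is a later revision) while `2:3.61-1~rc1` sorts before both.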
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-1zaj-dhug-bffr (aliases: CVE-2024-0743) | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. | Affected by 3 other vulnerabilities. |
VCID-77de-35ta-1kat (aliases: CVE-2024-6609) | When almost out of memory, an elliptic curve key which was never allocated could have been freed again. | Affected by 3 other vulnerabilities. |
VCID-7s8d-r67g-6feh (aliases: CVE-2024-6602) | A mismatch between allocator and deallocator could have led to memory corruption. | Affected by 3 other vulnerabilities. |
VCID-s7qh-rv74-mqfx (aliases: CVE-2023-5388) | NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. | Affected by 0 other vulnerabilities. |
VCID-s7vh-16cg-vbb8 (aliases: CVE-2023-6135) | Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. | Affected by 0 other vulnerabilities. |
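CVE-2023-6135 (Minerva) above is a nonce bit-length leak: when the scalar multiplication in ECDSA signing runs for a number of steps that depends on the bit length of the secret nonce k, an attacker who can time signatures collects the few that used unusually short nonces and recovers the private key with a lattice attack. The standard countermeasure, the one that CVE-2020-12401 in the table below records NSS having accidentally dropped, is to add the group order n (or 2n) to k before multiplying, so that the scalar always has exactly n.bit_length()+1 bits; since nG is the identity, the resulting point is unchanged. The block below is an added example, not NSS code: a textbook affine double-and-add on P-256 that reports its loop count alongside the result, plus a pad_nonce() that fixes the scalar's bit length. The P-256 parameters are the standard ones; the nonces it is exercised with are constructed. Affine coordinates with pow(x, -1, p) are not themselves constant time, so the example isolates only the iteration-count leak.

```python
# NIST P-256 domain parameters (standard values).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def on_curve(pt) -> bool:
    """Check y^2 == x^3 + ax + b (mod p); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law on P-256. None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, pt):
    """Left-to-right double-and-add. Returns (k*pt, loop iterations).

    The iteration count is exactly k.bit_length(): that is the quantity a
    timing side channel observes and Minerva exploits.
    """
    acc = None
    iterations = 0
    for bit in bin(k)[2:]:
        acc = point_add(acc, acc)
        if bit == "1":
            acc = point_add(acc, pt)
        iterations += 1
    return acc, iterations


def pad_nonce(k: int, order: int = N) -> int:
    """Return k + order or k + 2*order, whichever has order.bit_length() + 1 bits.

    Both are congruent to k mod order, so the multiplied point is unchanged,
    but the scalar's bit length, and hence the loop count, no longer depends on k.
    """
    target = order.bit_length() + 1
    k1 = k + order
    k2 = k + 2 * order
    return k1 if k1.bit_length() == target else k2


def demo(k: int) -> dict:
    """Multiply G by nonce k with and without padding and compare."""
    plain, plain_iters = scalar_mult(k, G)
    padded, padded_iters = scalar_mult(pad_nonce(k), G)
    return {
        "same_point": plain == padded,
        "plain_iterations": plain_iters,    # varies with k
        "padded_iterations": padded_iters,  # always 257 on P-256
    }
```

A real implementation combines the padding with a constant-time ladder and constant-time field inversion (CVE-2020-12400 and CVE-2020-6829 below are the other two halves of the same problem: a variable-time inversion in the final projective-to-affine conversion and a wNAF recoding that leaks nonce digits).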
Vulnerability | Summary | Aliases |
---|---|---|
VCID-1xgw-uan4-byhg | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince, are believed to be impacted. | CVE-2021-43527 |
VCID-54s7-rrtw-a7cg | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. We would like to thank Sohaib ul Hassan for contributing a fix for this issue as well. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. | CVE-2020-12402 |
VCID-ake6-cm2x-8ubs | When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out-of-bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. | CVE-2019-11745 |
VCID-axss-jrt6-qqdk | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | CVE-2020-25648 |
VCID-bjhc-gzeg-vyhq | When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. | CVE-2019-11719 |
VCID-c5su-4v3n-5qh4 | During ECDSA signature generation, the padding applied to the nonce to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. | CVE-2020-12401 |
VCID-e8wz-a6j9-ybas | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. | CVE-2020-12399 |
VCID-hvj7-bwkf-f3em | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electromagnetic trace of a few signature generations, the private key could have been computed. | CVE-2020-6829 |
VCID-mahw-y94d-xbe6 | Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. | CVE-2019-11729 |
VCID-pjmh-gvqz-47et | The NSS code used for checking PKCS#1 v1.5 padding was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. | CVE-2023-4421 |
VCID-sm4b-5vw1-1qcf | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol version than TLS 1.3, resulting in an invalid state transition in the TLS state machine. If the client gets into this state, incoming Application Data records will be ignored. | CVE-2019-17023 |
VCID-sv69-65sj-vybj | When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. | CVE-2020-12400 |
VCID-tkkj-f8ww-1kdn | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS versions before 3.55. When using multi-part ChaCha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. | CVE-2020-12403 |
VCID-ubzm-vaec-93gp | After accepting an untrusted certificate, handling an empty PKCS#7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. | CVE-2022-22747 |
VCID-vme5-mkru-k3aj | In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | CVE-2019-17007 |
VCID-w27h-8fnv-guhx | A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. | CVE-2019-11727 |
VCID-x6ny-uzze-23ap | | CVE-2019-17006 |
VCID-yqjn-5kut-6qbk | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. | CVE-2023-0767 |
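CVE-2023-4421 above, and CVE-2023-5388 in the first table, are the Marvin attack: a PKCS#1 v1.5 decryptor that behaves observably differently on bad padding (raises an error, returns early, yields a different message length) is a Bleichenbacher oracle, and a few hundred thousand chosen ciphertexts then suffice to decrypt or forge. Implicit rejection removes the oracle by never reporting failure: when the padding is invalid the decryptor returns a message derived deterministically from the private key and the ciphertext, with a pseudo-random length, so repeated queries of one ciphertext always get the same answer and the caller cannot tell it apart from a genuine plaintext. The block below is an added example, not NSS code: a deliberately tiny toy RSA key built from two Mersenne primes (constructed for the example, not secure), the classic leaky decryptor for contrast, and a decryptor with implicit rejection that scans the whole padding block without early exits. The synthetic-message derivation (HMAC of the ciphertext under a key derived from the private exponent) follows the paper's idea; the exact KDF is this example's own choice and differs in detail from NSS's. Python cannot guarantee constant-time execution, so the block shows the structure, not a timing-proof implementation.

```python
import hashlib
import hmac
import random

# Toy RSA key for the example only: p = 2^107-1, q = 2^127-1 (both Mersenne primes).
# e = 65537 divides neither p-1 nor q-1, so the private exponent exists.
P = (1 << 107) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # modulus length in bytes (30 here)
MAX_MSG = K - 11                # PKCS#1 v1.5 leaves room for >= 8 bytes of PS + 3 fixed bytes


def i2osp(x: int, length: int) -> bytes:
    return x.to_bytes(length, "big")


def os2ip(b: bytes) -> int:
    return int.from_bytes(b, "big")


def rsa_raw(x: int, exponent: int) -> bytes:
    """Textbook RSA: x^exponent mod N, encoded as K bytes."""
    return i2osp(pow(x, exponent, N), K)


def pkcs1_v15_encrypt(msg: bytes, seed=None) -> bytes:
    """EM = 0x00 || 0x02 || PS (>= 8 nonzero random bytes) || 0x00 || M."""
    if len(msg) > MAX_MSG:
        raise ValueError("message too long")
    rng = random.SystemRandom() if seed is None else random.Random(seed)
    ps = bytes(rng.randrange(1, 256) for _ in range(K - len(msg) - 3))
    return rsa_raw(os2ip(b"\x00\x02" + ps + b"\x00" + msg), E)


def decrypt_leaky(ct: bytes) -> bytes:
    """The oracle-creating decryptor: failure is distinguishable from success."""
    em = rsa_raw(os2ip(ct), D)
    if em[0] != 0 or em[1] != 2:
        raise ValueError("bad padding")    # early exit number one
    sep = em.find(b"\x00", 2)              # early exit number two: scan stops at first zero
    if sep < 10:
        raise ValueError("bad padding")    # PS shorter than 8 bytes
    return em[sep + 1:]


def leaky_rejects(ct: bytes) -> bool:
    """True when decrypt_leaky() signals a padding error: the observable oracle."""
    try:
        decrypt_leaky(ct)
        return False
    except ValueError:
        return True


def _synthetic_message(ct: bytes) -> bytes:
    """Deterministic pseudo-random plaintext for a rejected ciphertext.

    Keyed on the private key, so only the key holder can compute it; length and
    content both depend on the ciphertext, so the same query always gets the
    same answer and the answer looks like any other plaintext.
    """
    prf_key = hashlib.sha256(b"implicit-rejection" + i2osp(D, K)).digest()
    tag = hmac.new(prf_key, ct, hashlib.sha256).digest()
    length = os2ip(tag[:2]) % (MAX_MSG + 1)   # small modulo bias, acceptable here
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(prf_key, i2osp(counter, 4) + ct, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def decrypt_implicit_rejection(ct: bytes) -> bytes:
    """Never fails on padding: the real plaintext if the padding is valid,
    otherwise the synthetic message. Every byte of EM is visited regardless."""
    if len(ct) != K:
        raise ValueError("ciphertext length")   # a public property; rejecting loudly is fine
    em = rsa_raw(os2ip(ct), D)
    good = int(em[0] == 0) & int(em[1] == 2)
    sep = 0        # index of the first 0x00 after the PS, once found
    found = 0
    for i in range(2, K):                   # no break: the whole block is scanned
        is_zero = int(em[i] == 0)
        sep |= i * (is_zero & (1 - found))
        found |= is_zero
    good &= found & int(sep >= 10)          # PS must be at least 8 bytes
    real = em[sep + 1:]
    synthetic = _synthetic_message(ct)      # always computed, valid or not
    return real if good else synthetic      # single select at the end
```

The test worth running against any PKCS#1 v1.5 decryptor is the one the block enables: feed it a ciphertext whose padding string is one byte too short and confirm that it returns a plausible message rather than an error, and that asking twice returns the same bytes.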