VulnerableCode Package Details - pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1

Search for packages

Package details: pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1

Essentials
History (40)

purl	pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1

Next non-vulnerable version	2:3.110-1
Latest non-vulnerable version	2:3.110-1
Risk	4.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-417p-mjbt-aaac Aliases: CVE-2023-6135	Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.	2:3.100-1 Affected by 0 other vulnerabilities. 2:3.103-1 Affected by 0 other vulnerabilities. 2:3.105-2 Affected by 0 other vulnerabilities. 2:3.108-1 Affected by 0 other vulnerabilities. 2:3.109-1 Affected by 0 other vulnerabilities. 2:3.110-1 Affected by 0 other vulnerabilities.
VCID-n6fw-n4rm-aaas Aliases: CVE-2024-7531	Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.	2:3.108-1 Affected by 0 other vulnerabilities. 2:3.109-1 Affected by 0 other vulnerabilities. 2:3.110-1 Affected by 0 other vulnerabilities.
VCID-ndhu-5njp-aaaa Aliases: CVE-2023-5388	timing attack against RSA decryption	2:3.100-1 Affected by 0 other vulnerabilities. 2:3.103-1 Affected by 0 other vulnerabilities. 2:3.105-2 Affected by 0 other vulnerabilities. 2:3.108-1 Affected by 0 other vulnerabilities. 2:3.109-1 Affected by 0 other vulnerabilities. 2:3.110-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-417p-mjbt-aaac
Aliases:
CVE-2023-6135

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

2:3.100-1
Affected by 0 other vulnerabilities.

2:3.103-1
Affected by 0 other vulnerabilities.

2:3.105-2
Affected by 0 other vulnerabilities.

2:3.108-1
Affected by 0 other vulnerabilities.

2:3.109-1
Affected by 0 other vulnerabilities.

2:3.110-1
Affected by 0 other vulnerabilities.

VCID-n6fw-n4rm-aaas
Aliases:
CVE-2024-7531

Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.

2:3.108-1
Affected by 0 other vulnerabilities.

2:3.109-1
Affected by 0 other vulnerabilities.

2:3.110-1
Affected by 0 other vulnerabilities.

VCID-ndhu-5njp-aaaa
Aliases:
CVE-2023-5388

timing attack against RSA decryption

2:3.100-1
Affected by 0 other vulnerabilities.

2:3.103-1
Affected by 0 other vulnerabilities.

2:3.105-2
Affected by 0 other vulnerabilities.

2:3.108-1
Affected by 0 other vulnerabilities.

2:3.109-1
Affected by 0 other vulnerabilities.

2:3.110-1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (7)

Vulnerability	Summary	Aliases
VCID-417p-mjbt-aaac	Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.	CVE-2023-6135
VCID-au4v-jfff-aaap	When almost out-of-memory an elliptic curve key which was never allocated could have been freed again.	CVE-2024-6609
VCID-frn1-3m59-aaac	new tlsfuzzer code can still detect timing issues in RSA operations	CVE-2023-4421
VCID-n6fw-n4rm-aaas	Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.	CVE-2024-7531
VCID-ndhu-5njp-aaaa	timing attack against RSA decryption	CVE-2023-5388
VCID-v9r1-hscs-aaac	An unchecked return value in TLS handshake code could have caused a potentially exploitable crash.	CVE-2024-0743
VCID-zd7v-2uxh-aaae	A mismatch between allocator and deallocator could have lead to memory corruption.	CVE-2024-6602

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T13:27:31.142139+00:00	Debian Importer	Fixing	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-22T04:19:59.232785+00:00	Debian Importer	Affected by	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T23:26:19.788384+00:00	Debian Importer	Fixing	VCID-frn1-3m59-aaac	None	36.1.3
2025-06-21T14:13:31.729238+00:00	Debian Importer	Affected by	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T04:59:10.246048+00:00	Debian Importer	Affected by	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T23:02:23.089291+00:00	Debian Importer	Fixing	VCID-zd7v-2uxh-aaae	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T22:14:55.473466+00:00	Debian Importer	Fixing	VCID-v9r1-hscs-aaac	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T22:04:56.030123+00:00	Debian Importer	Fixing	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T21:46:38.579714+00:00	Debian Importer	Fixing	VCID-au4v-jfff-aaap	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T20:50:40.033543+00:00	Debian Importer	Fixing	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-05T14:36:53.373327+00:00	Debian Importer	Fixing	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	36.1.0
2025-04-13T02:20:20.446781+00:00	Debian Oval Importer	Fixing	VCID-zd7v-2uxh-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T02:20:19.732417+00:00	Debian Oval Importer	Fixing	VCID-v9r1-hscs-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T02:20:19.018311+00:00	Debian Oval Importer	Fixing	VCID-au4v-jfff-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-06T06:51:03.854670+00:00	Debian Importer	Fixing	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T22:24:00.616508+00:00	Debian Importer	Affected by	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T19:02:48.732001+00:00	Debian Importer	Fixing	VCID-frn1-3m59-aaac	None	36.0.0
2025-04-05T10:46:11.822085+00:00	Debian Importer	Affected by	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T07:48:31.395487+00:00	Debian Importer	Affected by	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T01:42:09.137039+00:00	Debian Importer	Fixing	VCID-zd7v-2uxh-aaae	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T00:53:22.446551+00:00	Debian Importer	Fixing	VCID-v9r1-hscs-aaac	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T00:42:56.956122+00:00	Debian Importer	Fixing	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T00:24:08.993554+00:00	Debian Importer	Fixing	VCID-au4v-jfff-aaap	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-03T23:35:15.491668+00:00	Debian Importer	Fixing	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-02-22T06:18:40.727251+00:00	Debian Importer	Fixing	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-22T06:18:39.661608+00:00	Debian Importer	Affected by	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-22T06:07:16.849586+00:00	Debian Importer	Fixing	VCID-au4v-jfff-aaap	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-22T06:06:52.598343+00:00	Debian Importer	Fixing	VCID-zd7v-2uxh-aaae	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T17:56:16.948669+00:00	Debian Importer	Fixing	VCID-v9r1-hscs-aaac	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T17:16:35.509992+00:00	Debian Importer	Affected by	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T17:16:31.651200+00:00	Debian Importer	Fixing	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T16:57:54.500402+00:00	Debian Importer	Affected by	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T16:57:45.533367+00:00	Debian Importer	Fixing	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T14:00:48.162676+00:00	Debian Importer	Fixing	VCID-frn1-3m59-aaac	None	35.1.0
2024-12-15T19:13:45.726210+00:00	Debian Importer	Fixing	VCID-au4v-jfff-aaap	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-12-15T19:13:23.778096+00:00	Debian Importer	Fixing	VCID-zd7v-2uxh-aaae	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T06:33:01.050783+00:00	Debian Importer	Fixing	VCID-v9r1-hscs-aaac	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T05:55:41.875657+00:00	Debian Importer	Fixing	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T05:39:28.044132+00:00	Debian Importer	Fixing	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T03:09:04.322883+00:00	Debian Importer	Fixing	VCID-frn1-3m59-aaac	None	35.0.0