VulnerableCode Package Details - pkg:deb/debian/nss@2:3.110-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-417p-mjbt-aaac	Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.	CVE-2023-6135
VCID-n6fw-n4rm-aaas	Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.	CVE-2024-7531
VCID-ndhu-5njp-aaaa	timing attack against RSA decryption	CVE-2023-5388

Vulnerability

Summary

Aliases

VCID-417p-mjbt-aaac

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

CVE-2023-6135

VCID-n6fw-n4rm-aaas

Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.

CVE-2024-7531

VCID-ndhu-5njp-aaaa

timing attack against RSA decryption

CVE-2023-5388

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T04:19:59.234780+00:00	Debian Importer	Fixing	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T14:13:31.731248+00:00	Debian Importer	Fixing	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T04:59:10.248627+00:00	Debian Importer	Fixing	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-04-11T10:41:51.786174+00:00	Debian Importer	Fixing	VCID-n6fw-n4rm-aaas	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-11T02:48:05.487397+00:00	Debian Importer	Fixing	VCID-417p-mjbt-aaac	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-10T18:47:04.562725+00:00	Debian Importer	Fixing	VCID-ndhu-5njp-aaaa	https://security-tracker.debian.org/tracker/data/json	36.0.0