VulnerableCode Package Details - pkg:deb/ubuntu/nss@2:3.49.1-1ubuntu1.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-2sza-nrr3-aaam Aliases: CVE-2020-12400	When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.	2:3.49.1-1ubuntu1.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-985n-34bg-aaaq Aliases: CVE-2020-12401	During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.	2:3.49.1-1ubuntu1.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-mfgf-bqs7-aaan Aliases: CVE-2020-6829	When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.	2:3.49.1-1ubuntu1.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-p8d3-gs41-aaan Aliases: CVE-2020-12403	A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.	2:3.49.1-1ubuntu1.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2sza-nrr3-aaam
Aliases:
CVE-2020-12400

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

2:3.49.1-1ubuntu1.4
Affected by 1 other vulnerability.

VCID-985n-34bg-aaaq
Aliases:
CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

2:3.49.1-1ubuntu1.4
Affected by 1 other vulnerability.

VCID-mfgf-bqs7-aaan
Aliases:
CVE-2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

2:3.49.1-1ubuntu1.4
Affected by 1 other vulnerability.

VCID-p8d3-gs41-aaan
Aliases:
CVE-2020-12403

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

2:3.49.1-1ubuntu1.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-34n3-7gmm-aaap	During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.	CVE-2020-12402

Vulnerability

Summary

Aliases

VCID-34n3-7gmm-aaap

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

CVE-2020-12402

Next non-vulnerable version	2:3.49.1-1ubuntu1.5
Latest non-vulnerable version	2:3.49.1-1ubuntu1.5
Risk	4.1