Search for vulnerabilities
Vulnerability details: VCID-gd1d-srzb-aaae
Vulnerability ID VCID-gd1d-srzb-aaae
Aliases CVE-2019-17006
Summary In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 7.3
Risk 3.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-122 Heap-based Buffer Overflow
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17006.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:3280
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4076
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0758
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0876
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1026
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json
epss 0.00321 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00321 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00321 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00321 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.00454 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
epss 0.01511 https://api.first.org/data/v1/epss?cve=CVE-2019-17006
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1775916
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual Medium https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
generic_textual Medium https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
generic_textual Medium https://ubuntu.com/security/notices/USN-4231-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-4231-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json
https://api.first.org/data/v1/epss?cve=CVE-2019-17006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
https://ubuntu.com/security/notices/USN-4231-1
https://usn.ubuntu.com/usn/usn-4231-1
1775916 https://bugzilla.redhat.com/show_bug.cgi?id=1775916
RHSA-2020:3280 https://access.redhat.com/errata/RHSA-2020:3280
RHSA-2020:4076 https://access.redhat.com/errata/RHSA-2020:4076
RHSA-2021:0758 https://access.redhat.com/errata/RHSA-2021:0758
RHSA-2021:0876 https://access.redhat.com/errata/RHSA-2021:0876
RHSA-2021:0949 https://access.redhat.com/errata/RHSA-2021:0949
RHSA-2021:1026 https://access.redhat.com/errata/RHSA-2021:1026
USN-4231-1 https://usn.ubuntu.com/4231-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.70209
EPSS Score 0.00321
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.