Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-7502

Published: 30/05/2017 Updated: 12/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Mozilla

Vulnerability Summary

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla network security services 3.25.0

mozilla network security services 3.29.1

mozilla network security services 3.29.0

mozilla network security services 3.30.0

mozilla network security services 3.29.2

mozilla network security services 3.25.1

mozilla network security services 3.28.1

mozilla network security services 3.26.2

mozilla network security services 3.30.1

mozilla network security services 3.24.0

mozilla network security services 3.27.0

mozilla network security services 3.29.3

mozilla network security services 3.28.0

mozilla network security services 3.27.2

mozilla network security services 3.28.3

mozilla network security services 3.28.2

mozilla network security services 3.27.1

mozilla network security services 3.26.0

Vendor Advisories

Debian CVElist Bug Report Logs: nss: CVE-2017-5461 CVE-2017-5462
Debian Bug report logs - #862958 nss: CVE-2017-5461 CVE-2017-5462 Package: src:nss; Maintainer for src:nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Fri, 19 May 2017 10:48:02 UTC Severity: important Tags: patch, security, ...
Debian CVElist Bug Report Logs: CVE-2017-7502
Debian Bug report logs - #863839 CVE-2017-7502 Package: nss; Maintainer for nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Reported by: Ola Lundqvist <ola@inguzacom> Date: Wed, 31 May 2017 20:03:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found i ...
Red Hat: Important: nss security and bug fix update
Synopsis Important: nss security and bug fix update Type/Severity Security Advisory: Important Topic An update for nss is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Red Hat: Important: nss security and bug fix update
Synopsis Important: nss security and bug fix update Type/Severity Security Advisory: Important Topic An update for nss is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Red Hat: Important: Red Hat 3scale API Management Platform 2.0.0 security update
Synopsis Important: Red Hat 3scale API Management Platform 200 security update Type/Severity Security Advisory: Important Topic A security update for Red Hat 3scale API Management Platform 200 is now available from the Red Hat Container CatalogRed Hat Product Security has rated this update as having a ...
Red Hat: Important: Red Hat Container Development Kit 3.0.0 security update
Synopsis Important: Red Hat Container Development Kit 300 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Container Development Kit 300Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Ubuntu Security Notice: nss vulnerability
NSS could be made to crash if it received specially crafted network traffic ...
Ubuntu Security Notice: nss vulnerability
Several security issues were fixed in NSS ...
Amazon Linux AMI: ALAS-2017-848
Null pointer dereference when handling empty SSLv2 messages:A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages An attacker could use this flaw to crash a server application compiled against the NSS library (CVE-2017-7502) ...

References

CWE-476https://hg.mozilla.org/projects/nss/rev/55ea60effd0dhttp://www.securityfocus.com/bid/98744http://www.securitytracker.com/id/1038579http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.debian.org/security/2017/dsa-3872https://access.redhat.com/errata/RHSA-2017:1712https://access.redhat.com/errata/RHSA-2017:1567https://access.redhat.com/errata/RHSA-2017:1365https://access.redhat.com/errata/RHSA-2017:1364https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958https://usn.ubuntu.com/3336-1/https://access.redhat.com/errata/RHSA-2017:1364
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook