Published: 27/05/2021 Updated: 24/03/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 571

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions prior to 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla nss

Synopsis Moderate: nss and nspr security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate ...

Synopsis Moderate: nss security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for nss is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Synopsis Low: OpenShift Container Platform 4340 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring S ...

Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...

Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library This could lead to information disclosure This vulnerability affects Firefox ESR < 608, Firefox < 68, and Thunderbird < 608 (CVE-2019-11719) A vulnerability exi ...

Cryptofuzz - Differential cryptography fuzzing Documentation For building Cryptofuzz, please refer to docs/buildingmd For instructions on how to run Cryptofuzz, please see docs/runningmd Bugs found by Cryptofuzz OpenSSL: ARIA GCM ciphers memory leak after EVP_CTRL_AEAD_SET_IVLEN OpenSSL: HMAC with SHAKE128 via EVP interface crashes on EVP_DigestSignUpdate OpenSSL: BLAKE2b

Fuzzing cryptographic libraries. Magic bug printer go brrrr.

Cryptofuzz - Differential cryptography fuzzing Documentation For building Cryptofuzz, please refer to docs/buildingmd For instructions on how to run Cryptofuzz, please see docs/runningmd Bugs found by Cryptofuzz OpenSSL: ARIA GCM ciphers memory leak after EVP_CTRL_AEAD_SET_IVLEN OpenSSL: HMAC with SHAKE128 via EVP interface crashes on EVP_DigestSignUpdate OpenSSL: BLAKE2b

CWE-125 https://bugzilla.redhat.com/show_bug.cgi?id=1868931 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html https://security.netapp.com/advisory/ntap-20230324-0006/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:4076 https://github.com/guidovranken/cryptofuzz https://alas.aws.amazon.com/AL2/ALAS-2020-1559.html

CVE-2020-12403

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect