CVE-2020-25648

CVE Database · CVE-2020-25648

CVE-2020-25648

· HIGHModified

CVSS v3.1

7.5

EPSS

3.85%

Published

Oct 20, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-770CWE-770

Affected Products (9)

mozilla · network_security_services (up to 3.58)vulnerable

redhat · enterprise_linuxvulnerable

fedoraproject · fedoravulnerable

oracle · communications_offline_mediation_controllervulnerable

oracle · communications_pricing_design_centervulnerable

oracle · jd_edwards_enterpriseone_tools (up to 9.2.6.0)vulnerable

References (20)