Security Advisory

CVE-2020-25648

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-20 00:00:00
Last updated 2024-08-04 15:40:36
Assigner redhat
State PUBLISHED

Description

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.