Vulnerability Description
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Network Security Services | 3.24.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3872
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/98744Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038579
- https://access.redhat.com/errata/RHSA-2017:1364
- https://access.redhat.com/errata/RHSA-2017:1365
- https://access.redhat.com/errata/RHSA-2017:1567
- https://access.redhat.com/errata/RHSA-2017:1712
- https://hg.mozilla.org/projects/nss/rev/55ea60effd0dPatch
- http://www.debian.org/security/2017/dsa-3872
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/98744Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038579
- https://access.redhat.com/errata/RHSA-2017:1364
- https://access.redhat.com/errata/RHSA-2017:1365
FAQ
What is CVE-2017-7502?
CVE-2017-7502 is a vulnerability with a CVSS score of 7.5 (HIGH). Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
How severe is CVE-2017-7502?
CVE-2017-7502 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7502?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Network Security Services.