CVE-2017-7502

high

Description

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2017:1712

https://access.redhat.com/errata/RHSA-2017:1567

https://access.redhat.com/errata/RHSA-2017:1365

https://access.redhat.com/errata/RHSA-2017:1364

http://www.securityfocus.com/bid/98744

http://www.debian.org/security/2017/dsa-3872

https://hg.mozilla.org/projects/nss/rev/55ea60effd0d

http://www.securitytracker.com/id/1038579

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Details

Source: Mitre, NVD

Published: 2017-05-30

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.01657

Detections

Analytics