{ "threat_severity" : "Moderate", "public_date" : "2020-10-19T00:00:00Z", "bugzilla" : { "description" : "nss: TLS 1.3 CCS flood remote DoS Attack", "id" : "1887319", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1887319" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-770", "details" : [ "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.", "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability." ], "statement" : "This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.", "acknowledgement" : "Red Hat would like to thank the Mozilla project for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-04-27T00:00:00Z", "advisory" : "RHSA-2021:1384", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "nss-0:3.53.1-7.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-09-21T00:00:00Z", "advisory" : "RHSA-2021:3572", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nspr-0:4.32.0-1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-09-21T00:00:00Z", "advisory" : "RHSA-2021:3572", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nss-0:3.67.0-6.el8_4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-operator-bundle:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "nss", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "nss", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-25648\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25648\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes" ], "name" : "CVE-2020-25648", "csaw" : false }