After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2020-01-08T21:30:29

Updated: 2024-08-05T01:24:48.748Z

Reserved: 2019-09-30T00:00:00

Link: CVE-2019-17023

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-08T22:15:12.827

Modified: 2024-11-21T04:31:33.987

Link: CVE-2019-17023

cve-icon Redhat

Severity : Low

Publid Date: 2020-01-08T00:00:00Z

Links: CVE-2019-17023 - Bugzilla