A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-10-20T00:00:00
Updated: 2024-08-04T15:40:36.481Z
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25648
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-20T22:15:43.217
Modified: 2024-11-21T05:18:20.080
Link: CVE-2020-25648
Redhat