CVE-2017-7502

Published: 30 May 2017

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
nss
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:3.28.4-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:3.28.4-0ubuntu0.14.04.2)
Patches:
Upstream: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d