Your submission was sent successfully! Close

CVE-2017-7502

Published: 30 May 2017

Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
nss
Launchpad, Ubuntu, Debian
precise
Released (2:3.28.4-0ubuntu0.12.04.1)
trusty
Released (2:3.28.4-0ubuntu0.14.04.2)
upstream Needs triage

xenial
Released (2:3.28.4-0ubuntu0.16.04.2)
yakkety
Released (2:3.28.4-0ubuntu0.16.10.2)
zesty
Released (2:3.28.4-0ubuntu0.17.04.2)