DSA-3998-1 nss -- nssID: oval:org.secpod.oval:def:603127 | Date: (C)2017-10-13 (M)2023-12-20 |
Class: PATCH | Family: unix |
Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, resulting in a denial of service, or potentially to execute arbitrary code.
Platform: |
Debian 8.x |
Debian 9.x |