Denial of Service Vulnerability in Network Security Services by Mozilla
CVE-2018-18508

6.5 MEDIUM

Key Information:

Vendor
Mozilla
Status
Vendor
CVE Published: 22 October 2020

Summary

Mozilla's Network Security Services (NSS) mishandles malformed signatures: processing one can lead to a NULL pointer dereference that crashes the process. The result is a Denial of Service that can disrupt service availability. The flaw affects NSS versions prior to 3.36.7 and prior to 3.41.1; affected installations need to be updated to mitigate the risk.

Affected Version(s)

NSS < 3.41.1

NSS < 3.36.7

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
