Vulnerability Details CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.debian.org/security/2017/dsa-3872
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/98744
- http://www.securitytracker.com/id/1038579
- https://access.redhat.com/errata/RHSA-2017:1364
- https://access.redhat.com/errata/RHSA-2017:1365
- https://access.redhat.com/errata/RHSA-2017:1567
- https://access.redhat.com/errata/RHSA-2017:1712
- https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
- http://www.debian.org/security/2017/dsa-3872
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/98744
- http://www.securitytracker.com/id/1038579
- https://access.redhat.com/errata/RHSA-2017:1364
- https://access.redhat.com/errata/RHSA-2017:1365
- https://access.redhat.com/errata/RHSA-2017:1567
- https://access.redhat.com/errata/RHSA-2017:1712
- https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
Products affected by CVE-2017-7502
-
cpe:2.3:a:mozilla:network_security_services:3.24.0
-
cpe:2.3:a:mozilla:network_security_services:3.25.0
-
cpe:2.3:a:mozilla:network_security_services:3.25.1
-
cpe:2.3:a:mozilla:network_security_services:3.26.0
-
cpe:2.3:a:mozilla:network_security_services:3.26.2
-
cpe:2.3:a:mozilla:network_security_services:3.27.0
-
cpe:2.3:a:mozilla:network_security_services:3.27.1
-
cpe:2.3:a:mozilla:network_security_services:3.27.2
-
cpe:2.3:a:mozilla:network_security_services:3.28.0
-
cpe:2.3:a:mozilla:network_security_services:3.28.1
-
cpe:2.3:a:mozilla:network_security_services:3.28.2
-
cpe:2.3:a:mozilla:network_security_services:3.28.3
-
cpe:2.3:a:mozilla:network_security_services:3.29.0
-
cpe:2.3:a:mozilla:network_security_services:3.29.1
-
cpe:2.3:a:mozilla:network_security_services:3.29.2
-
cpe:2.3:a:mozilla:network_security_services:3.29.3
-
cpe:2.3:a:mozilla:network_security_services:3.30.0
-
cpe:2.3:a:mozilla:network_security_services:3.30.1