A flaw was found in the way NSS handled CCS ...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Nov 6, 2023
Description
Published by the National Vulnerability Database
Oct 20, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Nov 6, 2023
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
References