CVE-2020-25648
nss - security update
CVSS 3.1 score: 7.5 (HIGH)
EPSS: 0.10%
Description
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
How to fix CVE-2020-25648
To remediate CVE-2020-25648, upgrade the affected package to a fixed version below.
- Upgrade to 3.58-r0 or later
- Upgrade to 2:3.58-1 or later
- Upgrade to 2:3.42.1-1+deb10u7 or later
Is CVE-2020-25648 being exploited?
Low: EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- All versions before 3.58-r0
- All versions before 2:3.58-1
- All versions before 2:3.42.1-1+deb10u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |