CVE-2019-17006
Summary
| CVE | CVE-2019-17006 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-22 21:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. |
Risk And Classification
Problem Types: CWE-119 | CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Network Security Services | All | All | All | All |
| Hardware | Netapp | Hci Compute Node | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Hardware | Netapp | Hci Storage Node | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Mx5000 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Mx5000 Firmware | All | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Rx1400 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Rx1400 Firmware | All | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Rx1500 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Rx1500 Firmware | All | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Rx1501 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Rx1501 Firmware | All | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Rx1510 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Rx1510 Firmware | All | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Rx1511 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Rx1511 Firmware | All | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Rx1512 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Rx1512 Firmware | All | All | All | All |
| Hardware | Siemens | Ruggedcom Rox Rx5000 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rox Rx5000 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Siemens RUGGEDCOM ROX II \| CISA | MISC | us-cert.cisa.gov | Third Party Advisory, US Government Resource |
| NSS 3.46 release notes - Mozilla \| MDN | MISC | developer.mozilla.org | Release Notes, Vendor Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | CONFIRM | cert-portal.siemens.com | Third Party Advisory |
| CVE-2019-17006 Libnss Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| Access Denied | MISC | bugzilla.mozilla.org | Exploit, Issue Tracking, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 239173 Red Hat Update for nss and nss-softokn (RHSA-2021:0876)
- 239184 Red Hat Update for nss-softokn (RHSA-2021:1026)
- 352469 Amazon Linux Security Advisory for nspr, nss-softokn, nss-util: ALAS-2021-1522
- 377524 Alibaba Cloud Linux Security Update for nss and nspr (ALINUX2-SA-2020:0173)
- 904892 Common Base Linux Mariner (CBL-Mariner) Security Update for openjdk8 (12400)
- 904917 Common Base Linux Mariner (CBL-Mariner) Security Update for mozjs60 (12367)
- 940400 AlmaLinux Security Update for nss and nspr (ALSA-2020:3280)
- 960710 Rocky Linux Security Update for nss and nspr (RLSA-2020:3280)