PublicDateAtUSN: 2019-12-31 00:00:00 UTC
Candidate: CVE-2019-17006
PublicDate: 2020-10-22 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006
 https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
 https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
 https://ubuntu.com/security/notices/USN-4231-1
Description:
 In Network Security Services (NSS) before 3.46, several cryptographic
 primitives had missing length checks. In cases where the application calling
 the library did not perform a sanity check on the inputs it could result in a
 crash due to a buffer overflow.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_nss:
upstream_nss: released (2:3.47-1)
precise/esm_nss: released (2:3.28.4-0ubuntu0.12.04.7)
trusty_nss: ignored (out of standard support)
trusty/esm_nss: released (2:3.28.4-0ubuntu0.14.04.5+esm4)
xenial_nss: released (2:3.28.4-0ubuntu0.16.04.10)
esm-infra/xenial_nss: released (2:3.28.4-0ubuntu0.16.04.10)
bionic_nss: released (2:3.35-2ubuntu2.7)
disco_nss: released (2:3.42-1ubuntu2.5)
eoan_nss: released (2:3.45-1ubuntu2.2)
devel_nss: not-affected (2:3.47-1ubuntu2)