PublicDateAtUSN: 2019-11-29 00:00:00 UTC
Candidate: CVE-2019-17007
PublicDate: 2020-10-22 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007
 https://ubuntu.com/security/notices/USN-4215-1
Description:
 In Network Security Services before 3.44, a malformed Netscape Certificate
 Sequence can cause NSS to crash, resulting in a denial of service.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
 https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_nss:
 upstream: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
upstream_nss: released (2:3.45-1)
precise/esm_nss: released (2:3.28.4-0ubuntu0.12.04.6)
trusty_nss: ignored (out of standard support)
trusty/esm_nss: released (2:3.28.4-0ubuntu0.14.04.5+esm3)
xenial_nss: released (2:3.28.4-0ubuntu0.16.04.9)
esm-infra/xenial_nss: released (2:3.28.4-0ubuntu0.16.04.9)
bionic_nss: released (2:3.35-2ubuntu2.6)
disco_nss: released (2:3.42-1ubuntu2.4)
eoan_nss: not-affected (2:3.45-1ubuntu2)
devel_nss: not-affected