CVE-2017-7502

Priority
Medium
Description
Null pointer dereference vulnerability in NSS since 3.24.0 was found when
server receives empty SSLv2 messages resulting into denial of service by
remote attacker.
References
Package
Source: nss (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):released (2:3.28.4-0ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.28.4-0ubuntu0.14.04.2)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2:3.28.4-0ubuntu0.16.04.2)
Ubuntu 16.10 (Yakkety Yak):released (2:3.28.4-0ubuntu0.16.10.2)
Ubuntu 17.04 (Zesty Zapus):released (2:3.28.4-0ubuntu0.17.04.2)
Patches:
Upstream:https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
More Information

Updated: 2017-06-21 18:14:17 UTC (commit 12778)