CyberSec.Space Logo
Back to CVE Browser

CVE-2019-17006

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile37.31th
PublishedOct 22, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Affected Platforms (CPE)

πŸ’»
Siemens

Ruggedcom Rox Mx5000 Firmware

< 2.14.0
πŸ’»
Siemens

Ruggedcom Rox Rx1400 Firmware

< 2.14.0
πŸ’»
Siemens

Ruggedcom Rox Rx1500 Firmware

< 2.14.0
πŸ’»
Siemens

Ruggedcom Rox Rx1501 Firmware

< 2.14.0
πŸ’»
Siemens

Ruggedcom Rox Rx1510 Firmware

< 2.14.0
πŸ’»
Siemens

Ruggedcom Rox Rx1511 Firmware

< 2.14.0
πŸ’»
Siemens

Ruggedcom Rox Rx1512 Firmware

< 2.14.0
πŸ’»
Siemens

Ruggedcom Rox Rx5000 Firmware

< 2.14.0
πŸ“¦
Mozilla

Network Security Services

< 3.46
πŸ“¦
Netapp

Hci Management Node

All versions
πŸ“¦
Netapp

Solidfire

All versions
πŸ”Œ
Netapp

Hci Compute Node

All versions
πŸ”Œ
Netapp

Hci Storage Node

All versions

References & Advisories

πŸ”— https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
πŸ”— https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
πŸ”— https://security.netapp.com/advisory/ntap-20210129-0001/
πŸ”— https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
πŸ”— https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
πŸ”— https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...