CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-17006

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile37.31th
Published2020年10月22日
Last Modified2024年11月21日

Vulnerability Description

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Affected Platforms (CPE)

💻
Siemens

Ruggedcom Rox Mx5000 Firmware

< 2.14.0
💻
Siemens

Ruggedcom Rox Rx1400 Firmware

< 2.14.0
💻
Siemens

Ruggedcom Rox Rx1500 Firmware

< 2.14.0
💻
Siemens

Ruggedcom Rox Rx1501 Firmware

< 2.14.0
💻
Siemens

Ruggedcom Rox Rx1510 Firmware

< 2.14.0
💻
Siemens

Ruggedcom Rox Rx1511 Firmware

< 2.14.0
💻
Siemens

Ruggedcom Rox Rx1512 Firmware

< 2.14.0
💻
Siemens

Ruggedcom Rox Rx5000 Firmware

< 2.14.0
📦
Mozilla

Network Security Services

< 3.46
📦
Netapp

Hci Management Node

All versions
📦
Netapp

Solidfire

All versions
🔌
Netapp

Hci Compute Node

All versions
🔌
Netapp

Hci Storage Node

All versions

References & Advisories

🔗 https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
🔗 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
🔗 https://security.netapp.com/advisory/ntap-20210129-0001/
🔗 https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
🔗 https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
🔗 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes

関連する脆弱性情報

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...