CVE-2020-25648

CVE-2020-25648

Vendor N/A
Product nss
Weakness CWE-770 · Uncontrolled resource consumption
Published October 20, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Key dates

02Disclosure timeline

October 20, 2020 CVE published
August 4, 2024 Record updated