NSS allows an attacker to send CCS messages in a row after ClientHello message. If an attacker put multiple CCS messages in a single tcp packet, the NSS server will stuck in a loop for many times to process the messages.
This issue affects servers which are compiled against the NSS library. Other consumers of NSS like firefox etc are not affected by this flaw.
Upstream patch: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
Upstream bug (currently private): https://bugzilla.mozilla.org/show_bug.cgi?id=1641480
This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.
Name: the Mozilla project