Bug 1404568 (CVE-2016-9574) - CVE-2016-9574 nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA
Summary: CVE-2016-9574 nss: Remote DoS during session handshake when using SessionTick...
Status: CLOSED WONTFIX
Alias: CVE-2016-9574
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20161128,repor...
Keywords: Security
Depends On:
Blocks: 1404570
TreeView+ depends on / blocked
 
Reported: 2016-12-14 06:52 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-06-08 21:39 UTC (History)
8 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2017-01-06 08:41:33 UTC


Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2016-12-14 06:52:07 UTC
A denial of service flaw was found in the way NSS handled handshake packets when SessionTicket extension was enabled on the TLS server side and ECDSA certificates were used. A remote attacker could use this flaw to crash TLS servers compiled against NSS.

More details and reproducer available at:

https://bugzilla.mozilla.org/show_bug.cgi?id=1320695


Note You need to log in before you can comment on or make changes to this bug.