A vulnerability exists where it is possible to force Network Security Services (NSS) to sign `CertificateVerify` with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in `CertificateRequest` in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.
Name: the Mozilla project
Upstream: Hubert Kario
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
Upstream commit: https://hg.mozilla.org/projects/nss/rev/17c6fc2ec3c1feaed56ef59b35bf435c7d5c4949
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:1951 https://access.redhat.com/errata/RHSA-2019:1951
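The check the description above calls for, as an added example that is not NSS code or the upstream fix: a client with an RSA key picks its `CertificateVerify` scheme from the `signature_algorithms` list in `CertificateRequest` and, in TLS 1.3, returns no scheme rather than falling back to PKCS#1 v1.5. The function name `pick_rsa_scheme` and the sample byte arrays are assumptions made for illustration; the code points are those of RFC 8446.

```c
#include <stddef.h>
#include <stdint.h>

/* SignatureScheme code points from RFC 8446, section 4.2.3. */
enum {
    RSA_PKCS1_SHA1 = 0x0201, RSA_PKCS1_SHA256 = 0x0401,
    RSA_PKCS1_SHA384 = 0x0501, RSA_PKCS1_SHA512 = 0x0601,
    RSA_PSS_RSAE_SHA256 = 0x0804, RSA_PSS_RSAE_SHA512 = 0x0806
};

static int is_pkcs1_v15(uint16_t s)
{
    return s == RSA_PKCS1_SHA1 || s == RSA_PKCS1_SHA256 ||
           s == RSA_PKCS1_SHA384 || s == RSA_PKCS1_SHA512;
}

static int is_rsa_pss_rsae(uint16_t s)
{   /* 0x0804..0x0806: rsa_pss_rsae_sha256/384/512 */
    return s >= RSA_PSS_RSAE_SHA256 && s <= RSA_PSS_RSAE_SHA512;
}

/*
 * Hypothetical helper (not an NSS function). ext is the body of the
 * signature_algorithms extension: 2-byte list length, then 2-byte codes.
 * Returns the chosen scheme, 0 if nothing acceptable was offered (the
 * caller should abort with handshake_failure), or -1 if malformed.
 */
int pick_rsa_scheme(const uint8_t *ext, size_t len, int is_tls13)
{
    size_t list_len, i;
    if (len < 2)
        return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != len - 2 || list_len == 0 || list_len % 2 != 0)
        return -1;
    for (i = 2; i < len; i += 2) {
        uint16_t s = (uint16_t)((ext[i] << 8) | ext[i + 1]);
        if (is_rsa_pss_rsae(s))
            return s;
        /* PKCS#1 v1.5 is acceptable for handshake signatures only before TLS 1.3. */
        if (is_pkcs1_v15(s) && !is_tls13)
            return s;
    }
    return 0;
}

/* Constructed sample inputs: a PKCS#1-only list and a mixed list. */
const uint8_t only_pkcs1[] = { 0x00, 0x04, 0x04, 0x01, 0x05, 0x01 };
const uint8_t pkcs1_then_pss[] = { 0x00, 0x04, 0x04, 0x01, 0x08, 0x04 };
```

With `is_tls13` set, the PKCS#1-only list yields 0, which is the case the flaw mishandled by signing anyway.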