CVE-2019-17006

Summary

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Affected Software

VendorProductVersion RangeStatus
MozillaNSSunspecified < 3.46affected

Weaknesses

  • missing length checks for cryptographic primitives

ADP Enrichment

CVE Program Container

Additional References

References