A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | nspr | 2021-07-08 18:41 | ALAS-2021-1522 |
Amazon Linux 2 - Core | nspr | 2020-11-09 21:02 | ALAS2-2020-1559 |
Amazon Linux 2 - Core | nss | 2020-11-09 21:02 | ALAS2-2020-1559 |
Amazon Linux 1 | nss-softokn | 2021-07-08 18:41 | ALAS-2021-1522 |
Amazon Linux 2 - Core | nss-softokn | 2020-11-09 21:02 | ALAS2-2020-1559 |
Amazon Linux 1 | nss-util | 2021-07-08 18:41 | ALAS-2021-1522 |
Amazon Linux 2 - Core | nss-util | 2020-11-09 21:02 | ALAS2-2020-1559 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |
NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |