CVE-2019-17023

Sažetak

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1590001
https://www.mozilla.org/security/advisories/mfsa2020-01/
https://usn.ubuntu.com/4234-1/
https://usn.ubuntu.com/4397-1/
https://www.debian.org/security/2020/dsa-4726

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

27-01-2023 - 18:24

Objavljeno

08-01-2020 - 22:15