CVE-2020-12403 - CERT CVE
ID CVE-2020-12403
Sažetak A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
Reference
CVSS
Base: 6.4
Impact: 4.9
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE PARTIAL
CVSS vektor AV:N/AC:L/Au:N/C:P/I:N/A:P
Zadnje važnije ažuriranje 24-03-2023 - 16:15
Objavljeno 27-05-2021 - 19:15