RHSA-2020:4076MediumCVSS 8.1

Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

Published
September 29, 2020
Last Modified
June 27, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2019-11719 — nss: Out-of-bounds read when importing curve25519 private key CVE-2019-11727 — nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 CVE-2019-11756 — nss: Use-after-free in sftk_FreeSession due to improper refcounting CVE-2019-17006 — nss: Check length of inputs for cryptographic primitives CVE-2019-17023 — nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state CVE-2020-6829 — nss: Side channel attack on ECDSA signature generation CVE-2020-12400 — nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function CVE-2020-12401 — nss: ECDSA timing attack mitigation bypass CVE-2020-12402 — nss: Side channel vulnerabilities during RSA key generation CVE-2020-12403 — nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

🔗 References (19)