CVE-2018-12384

Description

When handling an SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.

Risk Information

Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.78

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.deb | Linux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.deb | Linux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.deb | Linux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.deb | Linux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.deb | Linux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.deb | Linux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.deb | Linux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.35-2ubuntu2.1_i386.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.35-2ubuntu2.1_amd64.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.36.1-1ubuntu1.1_i386.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.36.1-1ubuntu1.1_amd64.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.deb | Linux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.deb | Linux
(RHSA-2018:2768) nss security update nss-3.36.0-7.el7_5.i686.rpm | Linux
(RHSA-2018:2768) nss security update nss-3.36.0-7.el7_5.x86_64.rpm | Linux
(RHSA-2018:2768) nss security update nss-devel-3.36.0-7.el7_5.i686.rpm | Linux
(RHSA-2018:2768) nss security update nss-devel-3.36.0-7.el7_5.x86_64.rpm | Linux
(RHSA-2018:2768) nss security update nss-pkcs11-devel-3.36.0-7.el7_5.i686.rpm | Linux
(RHSA-2018:2768) nss security update nss-pkcs11-devel-3.36.0-7.el7_5.x86_64.rpm | Linux
(RHSA-2018:2768) nss security update nss-sysinit-3.36.0-7.el7_5.x86_64.rpm | Linux
(RHSA-2018:2768) nss security update nss-tools-3.36.0-7.el7_5.x86_64.rpm | Linux
(RHSA-2018:2898) nss security update nss-3.36.0-9.el6_10.i686.rpm | Linux
(RHSA-2018:2898) nss security update nss-3.36.0-9.el6_10.x86_64.rpm | Linux
(RHSA-2018:2898) nss security update nss-devel-3.36.0-9.el6_10.i686.rpm | Linux
(RHSA-2018:2898) nss security update nss-devel-3.36.0-9.el6_10.x86_64.rpm | Linux
(RHSA-2018:2898) nss security update nss-pkcs11-devel-3.36.0-9.el6_10.i686.rpm | Linux
(RHSA-2018:2898) nss security update nss-pkcs11-devel-3.36.0-9.el6_10.x86_64.rpm | Linux
(RHSA-2018:2898) nss security update nss-sysinit-3.36.0-9.el6_10.i686.rpm | Linux
(RHSA-2018:2898) nss security update nss-sysinit-3.36.0-9.el6_10.x86_64.rpm | Linux
(RHSA-2018:2898) nss security update nss-tools-3.36.0-9.el6_10.i686.rpm | Linux
(RHSA-2018:2898) nss security update nss-tools-3.36.0-9.el6_10.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Server 12-SP3) libfreebl3-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Server 12-SP3) libfreebl3-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) libfreebl3-debuginfo-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) libfreebl3-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) libsoftokn3-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) libsoftokn3-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) libsoftokn3-debuginfo-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) libsoftokn3-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nspr-4.20-19.6.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nspr-32bit-4.20-19.6.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nspr-debuginfo-4.20-19.6.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nspr-debuginfo-32bit-4.20-19.6.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nspr-debugsource-4.20-19.6.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-certs-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-certs-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-certs-debuginfo-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-debuginfo-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-debugsource-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-sysinit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-sysinit-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-tools-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) mozilla-nss-tools-debuginfo-3.40.1-58.18.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-60.4.0esr-109.55.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-debuginfo-60.4.0esr-109.55.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-debugsource-60.4.0esr-109.55.1.x86_64.rpm | Linux
SUSE-SU-2018:4236-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-translations-common-60.4.0esr-109.55.1.x86_64.rpm | Linux
Nss update (ELSA-2018-2898) nss-3.36.0-9.0.1.el6_10.x86_64.rpm | Linux
Nss-devel update (ELSA-2018-2898) nss-devel-3.36.0-9.0.1.el6_10.x86_64.rpm | Linux
Nss-pkcs11-devel update (ELSA-2018-2898) nss-pkcs11-devel-3.36.0-9.0.1.el6_10.x86_64.rpm | Linux
Nss-sysinit update (ELSA-2018-2898) nss-sysinit-3.36.0-9.0.1.el6_10.x86_64.rpm | Linux
Nss-tools update (ELSA-2018-2898) nss-tools-3.36.0-9.0.1.el6_10.x86_64.rpm | Linux
Nss update (ELSA-2018-2898) nss-3.36.0-9.0.1.el6_10.i686.rpm | Linux
Nss-devel update (ELSA-2018-2898) nss-devel-3.36.0-9.0.1.el6_10.i686.rpm | Linux
Nss-pkcs11-devel update (ELSA-2018-2898) nss-pkcs11-devel-3.36.0-9.0.1.el6_10.i686.rpm | Linux
Nss-sysinit update (ELSA-2018-2898) nss-sysinit-3.36.0-9.0.1.el6_10.i686.rpm | Linux
Nss-tools update (ELSA-2018-2898) nss-tools-3.36.0-9.0.1.el6_10.i686.rpm | Linux
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2018-12384) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234