Upstream information
Description
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 5.1 |
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Security Advisories:
- TID7021279, published Sa 3. Mär 12:00:59 CET 2018
- TID7021518, published Sa 3. Mär 12:01:00 CET 2018
- TID7021676, published Sa 3. Mär 10:24:18 CET 2018
- TID7021848, published Sa 3. Mär 12:00:57 CET 2018
- TID7021872, published Sa 3. Mär 12:00:21 CET 2018
- TID7022102, published Sat Mar 3 09:45:41 UTC 2018
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 07:02:56 2013CVE page last modified: Mon Oct 6 18:15:50 2025