CVE-2019-17023

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-17023

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17023.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-17023

Downstream

ALPINE-CVE-2019-17023

DEBIAN-CVE-2019-17023

DSA-4726-1

RHSA-2020:3280

RHSA-2020:4076

UBUNTU-CVE-2019-17023

USN-4234-1

USN-4397-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:14572-1

Related

Published

2020-01-08T22:15:12Z

Modified

2025-08-09T20:01:26Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

References

Affected packages