VDB

ALPINE-CVE-2019-17023

ALPINE-CVE-2019-17023 PUBLISHED CVSS 6.5 MEDIUM

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.22nss0, 0, 3.48-r0
Alpine:v3.23nss0, 3.12.11-r0, 3.12.11-r1
Alpine:v3.19nss0, 0, 3.48-r0
Alpine:v3.24nss0, 0
Alpine:v3.20nss3.28.1-r1, 3.12.10-r0, 3.12.11-r0
Alpine:v3.12nss3.12.11-r1, 3.12.10-r0, 0
Alpine:v3.21nss0, 0, 3.48-r0

Timeline

  • Jan 8, 2020 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›