VDB
ALPINE-CVE-2019-17023
ALPINE-CVE-2019-17023
PUBLISHED
CVSS 6.5 MEDIUM
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.22 | nss | 0, 0, 3.48-r0 |
| Alpine:v3.23 | nss | 0, 3.12.11-r0, 3.12.11-r1 |
| Alpine:v3.19 | nss | 0, 0, 3.48-r0 |
| Alpine:v3.24 | nss | 0, 0 |
| Alpine:v3.20 | nss | 3.28.1-r1, 3.12.10-r0, 3.12.11-r0 |
| Alpine:v3.12 | nss | 3.12.11-r1, 3.12.10-r0, 0 |
| Alpine:v3.21 | nss | 0, 0, 3.48-r0 |
Timeline
- Jan 8, 2020 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated