{"id":"CVE-2020-12403","details":"A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part ChaCha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.","modified":"2026-04-16T04:38:48.843894082Z","published":"2021-05-27T19:15:07.953Z","related":["SUSE-RU-2021:14818-1","SUSE-RU-2021:3115-1","SUSE-RU-2021:3115-2","SUSE-RU-2021:3116-1","openSUSE-SU-2024:11058-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"},{"type":"ADVISORY","url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230324-0006/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868931"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12403.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.55"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}