View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-12384 severity moderate: SUSE including 513 source package names (1.0.0.1862.1.5.2:libfreebl3-3.40.1-3.7.2, 1.0.0.1862.1.5.2:libsoftokn3-3.40.1-3.7.2, …), 1425 product×package rows across 338 product lines (Container bci/bci-sle15-kernel-module-devel, Container bci/kiwi, … (338 product lines)): Fixed 1113, Known Affected 157, Known Not Affected 155.
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.