Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:10 relevant versions.
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
nss to version 2:3.26.2-1.1 or higher.