Lucene search

[email protected]CVE-2016-1950

HistoryMar 13, 2016 - 6:59 p.m.

CVE-2016-1950

2016-03-1318:59:00

CWE-119

[email protected]

web.nvd.nist.gov

172

cve-2016-1950

network security services

nss

buffer overflow

mozilla firefox

remote code execution

asn.1

x.509

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Affected configurations

NVD

Node

mozillanetwork_security_servicesMatch3.19.2

mozillanetwork_security_servicesMatch3.20

mozillanetwork_security_servicesMatch3.20.1

mozillanetwork_security_servicesMatch3.21

AND

mozillafirefoxRange≤44.0.2

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_esrMatch38.1.1

mozillafirefox_esrMatch38.2.0

mozillafirefox_esrMatch38.2.1

mozillafirefox_esrMatch38.3.0

mozillafirefox_esrMatch38.4.0

mozillafirefox_esrMatch38.5.0

mozillafirefox_esrMatch38.5.1

mozillafirefox_esrMatch38.6.0

mozillafirefox_esrMatch38.6.1

Node

oraclelinuxMatch5.0

oraclelinuxMatch6

oraclelinuxMatch7

oraclevm_serverMatch3.2

Node

appleiphone_osRange≤9.2.1

applemac_os_xRange≤10.11.3

appletvosRange≤9.1

applewatchosRange≤2.1

Node

oracleglassfish_serverMatch2.1.1

oracleiplanet_web_proxy_serverMatch4.0

oracleiplanet_web_serverMatch7.0

Node

oraclelinuxMatch5.0

oraclelinuxMatch6

oraclelinuxMatch7

Node

opensuseopensuseMatch13.1

CPENameOperatorVersion
mozilla:network_security_servicesmozilla network security serviceseq3.19.2
mozilla:network_security_servicesmozilla network security serviceseq3.20
mozilla:network_security_servicesmozilla network security serviceseq3.20.1
mozilla:network_security_servicesmozilla network security serviceseq3.21
mozilla:firefoxmozilla firefoxle44.0.2
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq38.0.1
mozilla:firefox_esrmozilla firefox esreq38.0.5
mozilla:firefox_esrmozilla firefox esreq38.1.0
mozilla:firefox_esrmozilla firefox esreq38.1.1

CPE	Name	Operator	Version
mozilla:network_security_services	mozilla network security services	eq	3.19.2
mozilla:network_security_services	mozilla network security services	eq	3.20
mozilla:network_security_services	mozilla network security services	eq	3.20.1
mozilla:network_security_services	mozilla network security services	eq	3.21
mozilla:firefox	mozilla firefox	le	44.0.2
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.5
mozilla:firefox_esr	mozilla firefox esr	eq	38.1.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.1.1

Rows per page:

1-10 of 181

References

lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

rhn.redhat.com/errata/RHSA-2016-0495.html

www.debian.org/security/2016/dsa-3510

www.debian.org/security/2016/dsa-3520

www.debian.org/security/2016/dsa-3688

www.mozilla.org/security/announce/2016/mfsa2016-35.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/84223

www.securitytracker.com/id/1035215

www.ubuntu.com/usn/USN-2917-1

www.ubuntu.com/usn/USN-2917-2

www.ubuntu.com/usn/USN-2917-3

www.ubuntu.com/usn/USN-2924-1

www.ubuntu.com/usn/USN-2934-1

bto.bluecoat.com/security-advisory/sa119

bugzilla.mozilla.org/show_bug.cgi?id=1245528

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

security.gentoo.org/glsa/201605-06

support.apple.com/HT206166

support.apple.com/HT206167

support.apple.com/HT206168

support.apple.com/HT206169

Social References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2016-1950