CVE-2016-1950 Information

Feb 14, 2021 cve

Description

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1 as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://rhn.redhat.com/errata/RHSA-2016-0495.html http://www.debian.org/security/2016/dsa-3510 http://www.debian.org/security/2016/dsa-3520 http://www.debian.org/security/2016/dsa-3688 http://www.mozilla.org/security/announce/2016/mfsa2016-35.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/84223 http://www.securitytracker.com/id/1035215 http://www.ubuntu.com/usn/USN-2917-1 http://www.ubuntu.com/usn/USN-2917-2 http://www.ubuntu.com/usn/USN-2917-3 http://www.ubuntu.com/usn/USN-2924-1 http://www.ubuntu.com/usn/USN-2934-1 https://bto.bluecoat.com/security-advisory/sa119 https://bugzilla.mozilla.org/show_bug.cgi?id=1245528 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes https://security.gentoo.org/glsa/201605-06 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 https://support.apple.com/HT206169

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8

Share on: