CVE-2016-1979

CVE Details

Release Date:2016-03-08

Description


Use-after-free vulnerability in thePK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.

See more information about CVE-2016-1979 from MITRE CVE dictionary and NIST NVD


CVSS v2 metrics


NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score:5.1 Base Metrics:AV:N/AC:H/Au:N/C:P/I:P/A:P
Access Vector: Network Confidentiality Impact: Partial
Access Impact: High Integrity Impact: Partial
Authentication: None required Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Linux version 5 (nspr)ELSA-2016-06842016-04-25
Oracle Linux version 5 (nss)ELSA-2016-06842016-04-25
Oracle Linux version 6 (nspr)ELSA-2016-05912016-04-05
Oracle Linux version 6 (nss)ELSA-2016-05912016-04-05
Oracle Linux version 6 (nss-util)ELSA-2016-05912016-04-05
Oracle Linux version 7 (nspr)ELSA-2016-06852016-04-25
Oracle Linux version 7 (nss)ELSA-2016-06852016-04-25
Oracle Linux version 7 (nss-softokn)ELSA-2016-06852016-04-25
Oracle Linux version 7 (nss-util)ELSA-2016-06852016-04-25
Oracle VM version 3.2 (nspr)OVMSA-2016-00652016-06-20
Oracle VM version 3.2 (nss)OVMSA-2016-00662016-06-20
Oracle VM version 3.3 (nspr)OVMSA-2016-00422016-04-05
Oracle VM version 3.3 (nss)OVMSA-2016-00422016-04-05
Oracle VM version 3.3 (nss-util)OVMSA-2016-00422016-04-05
Oracle VM version 3.4 (nspr)OVMSA-2016-00422016-04-05
Oracle VM version 3.4 (nss)OVMSA-2016-00422016-04-05
Oracle VM version 3.4 (nss-util)OVMSA-2016-00422016-04-05



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete