Release Date: | 2016-03-08 |
Use-after-free vulnerability in thePK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
See more information about CVE-2016-1979 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.
Base Score: | 5.1 | Base Metrics: | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Access Vector: | Network | Attack Complexity: | High |
Authentication: | None required | Confidentiality Impact: | Partial |
Integrity Impact: | Partial | Availability Impact: | Partial |
Platform | Errata | Release Date |
Oracle Linux version 5 (nspr) | ELSA-2016-0684 | 2016-04-25 |
Oracle Linux version 5 (nss) | ELSA-2016-0684 | 2016-04-25 |
Oracle Linux version 6 (nspr) | ELSA-2016-0591 | 2016-04-05 |
Oracle Linux version 6 (nss) | ELSA-2016-0591 | 2016-04-05 |
Oracle Linux version 6 (nss-util) | ELSA-2016-0591 | 2016-04-05 |
Oracle Linux version 7 (nspr) | ELSA-2016-0685 | 2016-04-25 |
Oracle Linux version 7 (nss) | ELSA-2016-0685 | 2016-04-25 |
Oracle Linux version 7 (nss-softokn) | ELSA-2016-0685 | 2016-04-25 |
Oracle Linux version 7 (nss-util) | ELSA-2016-0685 | 2016-04-25 |
Oracle VM version 3.2 (nspr) | OVMSA-2016-0065 | 2016-06-20 |
Oracle VM version 3.2 (nss) | OVMSA-2016-0066 | 2016-06-20 |
Oracle VM version 3.3 (nspr) | OVMSA-2016-0042 | 2016-04-05 |
Oracle VM version 3.3 (nss) | OVMSA-2016-0042 | 2016-04-05 |
Oracle VM version 3.3 (nss-util) | OVMSA-2016-0042 | 2016-04-05 |
Oracle VM version 3.4 (nspr) | OVMSA-2016-0042 | 2016-04-05 |
Oracle VM version 3.4 (nss) | OVMSA-2016-0042 | 2016-04-05 |
Oracle VM version 3.4 (nss-util) | OVMSA-2016-0042 | 2016-04-05 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team