Lucene search

K

[email protected]NVD:CVE-2016-1978

HistoryMar 13, 2016 - 6:59 p.m.

CVE-2016-1978

2016-03-1318:59:27

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.2 High

AI Score

Confidence

High

0.077 Low

EPSS

Percentile

94.2%

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

Affected configurations

NVD

Node

mozillafirefoxRange≤43.0.4

AND

mozillanetwork_security_servicesRange≤3.20.1

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

rhn.redhat.com/errata/RHSA-2016-0591.html

rhn.redhat.com/errata/RHSA-2016-0684.html

rhn.redhat.com/errata/RHSA-2016-0685.html

www.debian.org/security/2016/dsa-3688

www.mozilla.org/security/announce/2016/mfsa2016-15.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/84275

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1035258

www.ubuntu.com/usn/USN-2973-1

bto.bluecoat.com/security-advisory/sa124

bugzilla.mozilla.org/show_bug.cgi?id=1209546

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes

security.gentoo.org/glsa/201605-06

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.2 High

AI Score

Confidence

High

0.077 Low

EPSS

Percentile

94.2%

Related for NVD:CVE-2016-1978

veracode1 mozilla1 f52 ibm8 ubuntucve1 prion1 cve1 cvelist1 debiancve1 openvas29 oraclelinux3 centos3 nessus26 amazon1 redhat3 freebsd1 symantec1 ubuntu1 debian2 osv2 suse4 gentoo1 oracle1