CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:avaya:aura_application_enablement_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_enablement_services:7.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10.1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11.1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.2:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.3:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:7.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:7.0:sp:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:7.0:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:breeze_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r3:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r4:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r5:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r6:*:*:*:*:*:*
cpe:2.3:a:avaya:iq:5.2.x:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:avaya:cs1000e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:cs1000e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:avaya:cs1000m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:cs1000m:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:avaya:cs1000e\/cs1000m_signaling_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:cs1000e\/cs1000m_signaling_server:-:*:*:*:*:*:*:*

Configuration 9 (hide)

OR cpe:2.3:a:avaya:aura_conferencing:7.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:7.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp8:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp9:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*

Configuration 10 (hide)

OR cpe:2.3:a:avaya:ip_office:8.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:-:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp6:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp7:*:*:*:*:*:*

Configuration 11 (hide)

OR cpe:2.3:a:avaya:aura_messaging:6.3:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:sp6:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0.1:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:meeting_exchange:6.2:-:*:*:*:*:*:*
cpe:2.3:a:avaya:meeting_exchange:6.2:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:-:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:proactive_contact:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:session_border_controller_for_enterprise:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:avaya:aura_system_platform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:aura_system_platform:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:53

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html - () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html - () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html -
References () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html - Mailing List, Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-2779.html - () http://rhn.redhat.com/errata/RHSA-2016-2779.html -
References () http://www.securityfocus.com/bid/94349 - () http://www.securityfocus.com/bid/94349 -
References () http://www.ubuntu.com/usn/USN-3163-1 - () http://www.ubuntu.com/usn/USN-3163-1 -
References () https://bto.bluecoat.com/security-advisory/sa137 - () https://bto.bluecoat.com/security-advisory/sa137 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 -
References () https://security.gentoo.org/glsa/201701-46 - () https://security.gentoo.org/glsa/201701-46 -

Information

Published : 2019-11-15 16:15

Updated : 2024-11-21 02:53


NVD link : CVE-2016-5285

Mitre link : CVE-2016-5285

CVE.ORG link : CVE-2016-5285


JSON object : View

Products Affected

avaya

  • message_networking
  • cs1000m
  • cs1000m_firmware
  • cs1000e\/cs1000m_signaling_server_firmware
  • cs1000e
  • aura_application_enablement_services
  • call_management_system
  • one-x_client_enablement_services
  • aura_messaging
  • aura_system_platform_firmware
  • aura_conferencing
  • cs1000e_firmware
  • aura_system_platform
  • breeze_platform
  • iq
  • aura_communication_manager
  • aura_session_manager
  • proactive_contact
  • ip_office
  • meeting_exchange
  • aura_utility_services
  • session_border_controller_for_enterprise_firmware
  • aura_communication_manager_messagint
  • aura_application_server_5300
  • aura_system_manager
  • cs1000e\/cs1000m_signaling_server
  • session_border_controller_for_enterprise
  • aura_experience_portal

suse

  • linux_enterprise_server

redhat

  • enterprise_linux

debian

  • debian_linux

mozilla

  • nss
CWE
CWE-476

NULL Pointer Dereference