A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
History
21 Nov 2024, 02:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html - Mailing List, Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2779.html - | |
References | () http://www.securityfocus.com/bid/94349 - | |
References | () http://www.ubuntu.com/usn/USN-3163-1 - | |
References | () https://bto.bluecoat.com/security-advisory/sa137 - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 - | |
References | () https://security.gentoo.org/glsa/201701-46 - |
Information
Published : 2019-11-15 16:15
Updated : 2024-11-21 02:53
NVD link : CVE-2016-5285
Mitre link : CVE-2016-5285
CVE.ORG link : CVE-2016-5285
JSON object : View
Products Affected
avaya
- message_networking
- cs1000m
- cs1000m_firmware
- cs1000e\/cs1000m_signaling_server_firmware
- cs1000e
- aura_application_enablement_services
- call_management_system
- one-x_client_enablement_services
- aura_messaging
- aura_system_platform_firmware
- aura_conferencing
- cs1000e_firmware
- aura_system_platform
- breeze_platform
- iq
- aura_communication_manager
- aura_session_manager
- proactive_contact
- ip_office
- meeting_exchange
- aura_utility_services
- session_border_controller_for_enterprise_firmware
- aura_communication_manager_messagint
- aura_application_server_5300
- aura_system_manager
- cs1000e\/cs1000m_signaling_server
- session_border_controller_for_enterprise
- aura_experience_portal
suse
- linux_enterprise_server
redhat
- enterprise_linux
debian
- debian_linux
mozilla
- nss
CWE
CWE-476
NULL Pointer Dereference