← Back to CVEs

CVE-2016-1950

N/A

Description

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

CVE Details

CVSS v3.1 ScoreN/A

Published3/13/2016

Last Modified4/12/2025

Sourcenvd

Honeypot Sightings0

Affected Products

apple:iphone_osapple:mac_os_xapple:tvosapple:watchosmozilla:firefoxmozilla:network_security_servicesopensuse:opensuseoracle:glassfish_serveroracle:iplanet_web_proxy_serveroracle:iplanet_web_serveroracle:linuxoracle:vm_server

Weaknesses (CWE)

CWE-119

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html(security@mozilla.org)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html(security@mozilla.org)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html(security@mozilla.org)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html(security@mozilla.org)

http://rhn.redhat.com/errata/RHSA-2016-0495.html(security@mozilla.org)

http://www.debian.org/security/2016/dsa-3510(security@mozilla.org)

http://www.debian.org/security/2016/dsa-3520(security@mozilla.org)

http://www.debian.org/security/2016/dsa-3688(security@mozilla.org)

http://www.mozilla.org/security/announce/2016/mfsa2016-35.html(security@mozilla.org)

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html(security@mozilla.org)

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html(security@mozilla.org)

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html(security@mozilla.org)

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html(security@mozilla.org)

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html(security@mozilla.org)

http://www.securityfocus.com/bid/84223(security@mozilla.org)

http://www.securitytracker.com/id/1035215(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2917-1(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2917-2(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2917-3(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2924-1(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2934-1(security@mozilla.org)

https://bto.bluecoat.com/security-advisory/sa119(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1245528(security@mozilla.org)

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes(security@mozilla.org)

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes(security@mozilla.org)

https://security.gentoo.org/glsa/201605-06(security@mozilla.org)

https://support.apple.com/HT206166(security@mozilla.org)

https://support.apple.com/HT206167(security@mozilla.org)

https://support.apple.com/HT206168(security@mozilla.org)

https://support.apple.com/HT206169(security@mozilla.org)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2016-0495.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2016/dsa-3510(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2016/dsa-3520(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2016/dsa-3688(af854a3a-2127-422b-91ae-364da2661108)

http://www.mozilla.org/security/announce/2016/mfsa2016-35.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/84223(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1035215(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2917-1(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2917-2(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2917-3(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2924-1(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2934-1(af854a3a-2127-422b-91ae-364da2661108)

https://bto.bluecoat.com/security-advisory/sa119(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1245528(af854a3a-2127-422b-91ae-364da2661108)

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes(af854a3a-2127-422b-91ae-364da2661108)

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201605-06(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/HT206166(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/HT206167(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/HT206168(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/HT206169(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.