6.5

CVE-2016-1938

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLeap Version42.1
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
MozillaNss Version <= 3.20.1
MozillaFirefox Version <= 43.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.12% 0.861
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 3.9 2.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Third Party Advisory
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201605-06
http://www.debian.org/security/2016/dsa-3688
https://security.gentoo.org/glsa/201701-46
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
Third Party Advisory
http://www.securitytracker.com/id/1034825
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
http://www.mozilla.org/security/announce/2016/mfsa2016-07.html
Vendor Advisory
http://www.securityfocus.com/bid/81955
http://www.ubuntu.com/usn/USN-2903-1
http://www.ubuntu.com/usn/USN-2903-2
http://www.ubuntu.com/usn/USN-2973-1
https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248
Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947
Issue Tracking
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
Vendor Advisory
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c
https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c