CVE-2016-5285

EPSS 0.65%
Published 15.11.2019 16:15:10
Last modified 21.11.2024 02:53:59
Source security@mozilla.org
Teams watchlist Login
Open Login

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Nss Version < 3.26

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Redhat ≫ Enterprise Linux Version5.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwEditionltss

Avaya ≫ Aura Application Enablement Services Version >= 6.1 <= 6.3.3

Avaya ≫ Aura Application Enablement Services Version7.0

Avaya ≫ Aura Application Server 5300 Version3.0 Update-

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp1

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp10

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp10.1

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp11

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp11.1

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp12

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp12.1

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp12.2

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp12.3

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp12.5

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp3

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp5

Avaya ≫ Aura Application Server 5300 Version3.0 Updatesp7

Avaya ≫ Aura Communication Manager Version >= 6.0 <= 6.3.117.0

Avaya ≫ Aura Communication Manager Version7.0 Update-

Avaya ≫ Aura Communication Manager Version7.0 Updatesp

Avaya ≫ Aura Communication Manager Version7.0 Updatesp3

Avaya ≫ Aura Communication Manager Messagint Version7.0 Update-

Avaya ≫ Aura Communication Manager Messagint Version7.0 Updatesp1

Avaya ≫ Breeze Platform Version >= 3.0 <= 3.2

Avaya ≫ Call Management System Version >= 18.0.0.1 <= 18.0.0.2

Avaya ≫ Call Management System Version17.0 Update-

Avaya ≫ Call Management System Version17.0 Updater3

Avaya ≫ Call Management System Version17.0 Updater4

Avaya ≫ Call Management System Version17.0 Updater5

Avaya ≫ Call Management System Version17.0 Updater6

Avaya ≫ Iq Version5.2.x

Avaya ≫ Cs1000e Firmware Version >= 7.0 <= 7.6

Avaya ≫ Cs1000e Version-

Avaya ≫ Cs1000m Firmware Version >= 7.0 <= 7.6

Avaya ≫ Cs1000m Version-

Avaya ≫ Cs1000e/cs1000m Signaling Server Firmware Version >= 7.0 <= 7.6

Avaya ≫ Cs1000e/cs1000m Signaling Server Version-

Avaya ≫ Aura Conferencing Version7.0

Avaya ≫ Aura Conferencing Version7.2

Avaya ≫ Aura Conferencing Version8.0 Update-

Avaya ≫ Aura Conferencing Version8.0 Updatesp2

Avaya ≫ Aura Conferencing Version8.0 Updatesp4

Avaya ≫ Aura Conferencing Version8.0 Updatesp5

Avaya ≫ Aura Conferencing Version8.0 Updatesp7

Avaya ≫ Aura Conferencing Version8.0 Updatesp8

Avaya ≫ Aura Conferencing Version8.0 Updatesp9

Avaya ≫ Aura Experience Portal Version >= 6.0 <= 7.1

Avaya ≫ Ip Office Version8.1

Avaya ≫ Ip Office Version9.1 Update-

Avaya ≫ Ip Office Version9.1 Updatesp1

Avaya ≫ Ip Office Version9.1 Updatesp10

Avaya ≫ Ip Office Version9.1 Updatesp11

Avaya ≫ Ip Office Version9.1 Updatesp12

Avaya ≫ Ip Office Version9.1 Updatesp3

Avaya ≫ Ip Office Version9.1 Updatesp4

Avaya ≫ Ip Office Version9.1 Updatesp5

Avaya ≫ Ip Office Version9.1 Updatesp6

Avaya ≫ Ip Office Version9.1 Updatesp7

Avaya ≫ Ip Office Version9.1 Updatesp8

Avaya ≫ Ip Office Version9.1 Updatesp9

Avaya ≫ Ip Office Version10.0 Update-

Avaya ≫ Ip Office Version10.0 Updatesp1

Avaya ≫ Ip Office Version10.0 Updatesp2

Avaya ≫ Ip Office Version10.0 Updatesp3

Avaya ≫ Ip Office Version10.0 Updatesp4

Avaya ≫ Ip Office Version10.0 Updatesp5

Avaya ≫ Ip Office Version10.0 Updatesp6

Avaya ≫ Ip Office Version10.0 Updatesp7

Avaya ≫ Aura Messaging Version6.3

Avaya ≫ Aura Messaging Version6.3.3 Update-

Avaya ≫ Aura Messaging Version6.3.3 Updatesp4

Avaya ≫ Aura Messaging Version6.3.3 Updatesp5

Avaya ≫ Aura Messaging Version6.3.3 Updatesp6

Avaya ≫ Aura Session Manager Version >= 6.3 <= 6.3.18

Avaya ≫ Aura Session Manager Version7.0 Update-

Avaya ≫ Aura Session Manager Version7.0 Updatesp1

Avaya ≫ Aura Session Manager Version7.0 Updatesp2

Avaya ≫ Aura Session Manager Version7.0.1 Update-

Avaya ≫ Aura Session Manager Version7.0.1 Updatesp1

Avaya ≫ Aura Session Manager Version7.0.1 Updatesp2

Avaya ≫ Aura System Manager Version >= 6.3 <= 6.3.18

Avaya ≫ Aura System Manager Version >= 7.0 <= 7.0.1.3

Avaya ≫ Aura Utility Services Version >= 6.3 <= 6.3.14

Avaya ≫ Aura Utility Services Version >= 7.0 <= 7.0.1.2

Avaya ≫ Meeting Exchange Version6.2 Update-

Avaya ≫ Meeting Exchange Version6.2 Updatesp3

Avaya ≫ Message Networking Version >= 5.2 <= 6.3

Avaya ≫ One-x Client Enablement Services Version6.2 Update-

Avaya ≫ One-x Client Enablement Services Version6.2 Updatesp1

Avaya ≫ One-x Client Enablement Services Version6.2 Updatesp2

Avaya ≫ One-x Client Enablement Services Version6.2 Updatesp5

Avaya ≫ Proactive Contact Version >= 5.0 <= 5.1.2

Avaya ≫ Session Border Controller For Enterprise Firmware Version >= 6.2 <= 6.3

Avaya ≫ Session Border Controller For Enterprise Version-

Avaya ≫ Session Border Controller For Enterprise Firmware Version >= 7.0 <= 7.1

Avaya ≫ Session Border Controller For Enterprise Version-

Avaya ≫ Aura System Platform Firmware Version >= 6.3 <= 6.4.0

Avaya ≫ Aura System Platform Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.65%	0.682

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://security.gentoo.org/glsa/201701-46

http://rhn.redhat.com/errata/RHSA-2016-2779.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/94349

http://www.ubuntu.com/usn/USN-3163-1

https://bto.bluecoat.com/security-advisory/sa137

https://bugzilla.mozilla.org/show_bug.cgi?id=1306103

https://nvd.nist.gov/vuln/detail/CVE-2016-5285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5285

EUVD