Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1978

Опубликовано: 08 мар. 2016
Источник: redhat
CVSS2: 5.1
EPSS Низкий

Описание

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1315565nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)

EPSS

Процентиль: 85%
0.02754
Низкий

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-1978

CVSS3: 7.3
ubuntu
больше 9 лет назад

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

nvd логотип

CVE-2016-1978

CVSS3: 7.3
nvd
больше 9 лет назад

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

debian логотип

CVE-2016-1978

CVSS3: 7.3
debian
больше 9 лет назад

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange f ...

github логотип

GHSA-f6w7-986w-qhfq

CVSS3: 7.3
github
больше 3 лет назад

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

fstec логотип

BDU:2016-00740

fstec
больше 9 лет назад

Уязвимость набора библиотек Network Security Services, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

EPSS

Процентиль: 85%
0.02754
Низкий

5.1 Medium

CVSS2