PT-2016-1466 · Mozilla+4 · Firefox Esr+6

Francis Gabriel

·

Publicado

2016-03-08

·

Atualizado

2024-12-12

·

CVE-2016-1950

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions 3.19.2.3 and earlier, 3.20.x, and 3.21.x before 3.21.1 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.7
Description The issue is caused by a heap-based buffer overflow in the Network Security Services (NSS) library, allowing remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. This can be exploited by a remote attacker using specially formed ASN.1 data.
Recommendations For Mozilla Network Security Services (NSS) versions 3.19.2.3 and earlier, 3.20.x, and 3.21.x before 3.21.1, update to version 3.19.2.3 or later, or 3.21.1 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR 38.x versions prior to 38.7, update to version 38.7 or later.

Correção

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2016-00767
CESA-2016_0370
CVE-2016-1950
DLA-480-1
DSA-3510-1
DSA-3520-1
DSA-3688-1
MGASA-2016-0105
MGASA-2016-0114
OPENSUSE-SU-2016_0731-1
OPENSUSE-SU-2016_0733-1
OPENSUSE-SU-2016_1557-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10451-1
OPENSUSE-SU-2024:14572-1
RHSA-2016:0370
RHSA-2016:0371
RHSA-2016:0495
RHSA-2016_0370
RHSA-2016_0371
SUSE-SU-2016:0727-1
SUSE-SU-2016:0777-1
SUSE-SU-2016:0909-1
SUSE-SU-2016_0727-1
SUSE-SU-2016_0777-1
SUSE-SU-2016_0909-1
SUSE-SU-2017:1175-1
SUSE-SU-2017:1248-1
USN-2917-1
USN-2917-2
USN-2917-3
USN-2924-1
USN-2934-1

Produtos afetados

Centos
Firefox
Firefox Esr
Network Security Services
Red Hat
Suse
Ubuntu