Vulnerabilites related to avaya - session_border_controller_for_enterprise
Vulnerability from fkie_nvd
Published
2019-11-15 16:15
Modified
2024-11-21 02:53
Severity ?
Summary
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC43A23-2511-42A3-BA33-C6BABE962FB1",
"versionEndExcluding": "3.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D638A011-7DFF-4369-95DB-EE977A9B34DD",
"versionEndIncluding": "6.3.3",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_enablement_services:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00127FED-CA13-44FA-89D5-068A3BFD1782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3FD52516-C173-4F55-A4F1-11E1623E0430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3BAF15A8-A2D8-487E-960F-EB10524A49B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10:*:*:*:*:*:*",
"matchCriteriaId": "8EE8624E-3F8F-4AC0-9BC9-5DBF2A3BBA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10.1:*:*:*:*:*:*",
"matchCriteriaId": "3C30F303-BA9F-4934-A358-4EA4C04EB948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11:*:*:*:*:*:*",
"matchCriteriaId": "D9F3ABDF-6A28-492E-8F6B-53192E7D1917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11.1:*:*:*:*:*:*",
"matchCriteriaId": "5B984320-0031-4CEF-BDE5-5A5E274DEE11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12:*:*:*:*:*:*",
"matchCriteriaId": "DE3EDB11-5831-403F-B6BB-3A84C0943487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.1:*:*:*:*:*:*",
"matchCriteriaId": "FD108976-1E55-47F6-806B-2F61661CA128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.2:*:*:*:*:*:*",
"matchCriteriaId": "A789ADCD-3BAF-4EE3-8342-AFBEF026F71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.3:*:*:*:*:*:*",
"matchCriteriaId": "CADCC5A5-8BE4-41FD-BC8D-81607159998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.5:*:*:*:*:*:*",
"matchCriteriaId": "0D0E4D1B-CA60-4219-ACD7-97BE0B8E10D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18C2C82C-E595-4323-88A7-CE5D23E9F6E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "164809B0-EB36-470E-B9B2-75D5B2754600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "2E2F66A4-FB3A-49BB-AD18-5630A057907B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1E43C1-EF6C-423B-A5D0-32E852E4C358",
"versionEndIncluding": "6.3.117.0",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2C2E06A0-09B4-40C9-8A62-0EE0BFE1DECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager:7.0:sp:*:*:*:*:*:*",
"matchCriteriaId": "615496B7-5D31-46F5-8795-37ADD595C886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "53379B70-20CC-4827-AE6A-A1DFA11B3733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "03D34DA0-C975-4A13-BD7E-575CCAE390BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D635CBA4-B881-4113-BA27-6D0EE1CF6E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:breeze_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B33AAA6-8BFD-4398-8DC4-1F7C3B94FDF4",
"versionEndIncluding": "3.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:call_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DC0A0C-0FC6-439D-B865-634726034705",
"versionEndIncluding": "18.0.0.2",
"versionStartIncluding": "18.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:call_management_system:17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E328FD0E-115F-4092-AE1E-C22B72350B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:call_management_system:17.0:r3:*:*:*:*:*:*",
"matchCriteriaId": "349543A5-1FD9-46B4-8EAB-52E524A8DF0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:call_management_system:17.0:r4:*:*:*:*:*:*",
"matchCriteriaId": "8D6AA6F0-7AF5-4CC0-8202-65BA15086BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:call_management_system:17.0:r5:*:*:*:*:*:*",
"matchCriteriaId": "A96492BE-C5FC-4936-9B1A-E4675ABB9D79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:call_management_system:17.0:r6:*:*:*:*:*:*",
"matchCriteriaId": "373F0F03-AC30-4D50-B2F5-30DAEF52C8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:iq:5.2.x:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6923AF-6862-4D6C-985A-CF8BF5C3D868",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:cs1000e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F339C1D-A2C2-4885-B1C6-76923B09C18C",
"versionEndIncluding": "7.6",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:cs1000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB8A1AD-47C2-44F9-9C84-796FE0168E5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:cs1000m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2139CFD-0302-4281-9D9F-70E7D28B8354",
"versionEndIncluding": "7.6",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:cs1000m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA76EA5-A0AA-4985-9AE5-0C6FA1469E0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:cs1000e\\/cs1000m_signaling_server_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F50E03-897D-45D4-BE6A-3D7B4D0D79F9",
"versionEndIncluding": "7.6",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:cs1000e\\/cs1000m_signaling_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1690698-8AB7-4129-8935-F08A6D52B559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5B17F8-B06D-4E95-83F8-AA2AAA90677A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A754AC-0023-4A0C-BFFB-6BF7758435B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FC61B45-0975-4ED1-BD28-BB5EE5F3A51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "838A248E-F9E2-4016-82C5-6AAEA21B5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A1BB9C6F-0171-41E7-A4FF-CDBCE360EDAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "4C0B69F2-7AB0-4E22-98F4-083E26BDA27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "5FC7A8E0-5AEF-4FA3-AC1D-63F7F609E781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "DEFC084B-FCC2-438E-B65D-8B139F995551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_conferencing:8.0:sp9:*:*:*:*:*:*",
"matchCriteriaId": "FDD6F033-9716-42FB-9A2F-B08EDAAE1438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3910F71-B4AE-40CC-9EDC-27160869A4FC",
"versionEndIncluding": "7.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:ip_office:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28DCFA27-23EB-4BBE-A020-F1854E4064A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "51C14CE3-651D-4503-9711-088B9CF773A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9468982C-DB32-490B-9131-9D35E8339467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "4B490A4A-A837-4CC6-8A44-5A7F03D73619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "C4A09C00-8D54-4674-A1D9-2F5AAD44CDD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*",
"matchCriteriaId": "67BFAB48-462F-4E95-9619-7A54E4BDF6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "E488E9F3-5329-43F1-AC9D-36760B95C91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CDD19739-0237-4C6F-9B6C-E47C9053F82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "ACC5B2C8-CA4E-4482-8842-52886C5D5397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "09060F4E-DDB3-4C45-B628-6357ED0FA008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "7C6013D3-4D4C-46F8-82E6-271FB44FD126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "B1BED830-57D9-4051-B9D0-4E010AFA7451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "110B4593-6CF2-443B-AC7D-7DA98C44058C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0AF32565-F747-4450-841E-B54E2977BA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B86F3D17-7408-4721-9921-3EB702018C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BA3D7B64-7AD6-47D0-846D-A70C2838B653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0EF71DB4-1523-4270-B0D8-0D20A2A6EAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "2E32E623-597A-4931-B7CF-EED6EEBA61DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "47898FEC-4BB7-469F-9020-2D9FB1B2C50E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "D429B865-B22A-4F9B-922F-D1F817DF1147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:ip_office:10.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "AE40493E-ED60-4BFC-9E48-D3148E4D0834",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:aura_messaging:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF272A94-7530-4DA2-9933-87984366BFAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "F428AFF6-9DF7-4B7D-AC2E-8031AEA61F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:sp4:*:*:*:*:*:*",
"matchCriteriaId": "7C31ABCE-668E-455A-A3BC-6F42E1E5C973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C370E9B0-72EB-47E2-8FD9-F6A65ABE26E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_messaging:6.3.3:sp6:*:*:*:*:*:*",
"matchCriteriaId": "834D01F3-8266-4202-BB9A-B2805FE4FEDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_session_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1433DE76-61AC-44FD-A5A4-1747F8F2FEF9",
"versionEndIncluding": "6.3.18",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AEBC4E93-E283-446B-A928-8B8B51F2C154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E88C0156-15E8-4F2F-8015-8ED421874863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BEF48D0A-732F-4C32-A3BB-F0F8A777DC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "81979E50-603A-4210-9C27-F3B9974DC226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "822B7EBF-C87D-4247-9F7F-10B94A37EEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "046A0465-FF7B-4F25-8502-FFD3C6D9D375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B532A02-FF99-4102-AB99-4ED89875E436",
"versionEndIncluding": "6.3.18",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA21572A-1848-4B45-88EE-FAA3A13E4B47",
"versionEndIncluding": "7.0.1.3",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B3D7C4-968C-4F8D-95A6-FC2BF6DC80EA",
"versionEndIncluding": "6.3.14",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5C4CAB-B2B9-4892-8183-31AC1DB17FA5",
"versionEndIncluding": "7.0.1.2",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:meeting_exchange:6.2:-:*:*:*:*:*:*",
"matchCriteriaId": "88AD2F3E-8B67-4FFF-87F0-6624C7026EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:meeting_exchange:6.2:sp3:*:*:*:*:*:*",
"matchCriteriaId": "153B3C0F-9FF7-4CC6-BA38-157C66E93410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ADC723-586B-4836-9A39-99DFE46E630D",
"versionEndIncluding": "6.3",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:-:*:*:*:*:*:*",
"matchCriteriaId": "D0EBE856-466D-4F6B-A10A-B1DFCD703189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1CD0A719-AF58-450B-A6D9-D2AEE9DDE409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8D3B3F6-EBB2-42DC-8749-EB8C1DF29C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp5:*:*:*:*:*:*",
"matchCriteriaId": "101133AA-42DF-44E1-A6BC-AA1131EEA2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avaya:proactive_contact:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DEDCFB-3074-4E52-A2D8-0B78B0DBDF85",
"versionEndIncluding": "5.1.2",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143AC145-18D3-41B4-9E6F-DC16B94854B1",
"versionEndIncluding": "6.3",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9492A764-F772-428F-B81D-90B109829F0C",
"versionEndIncluding": "7.1",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:session_border_controller_for_enterprise:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA3E439-6712-4345-A918-A300163CAF94",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:avaya:aura_system_platform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBD8DDDA-535C-4141-B0E5-2B379FA28AB4",
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:aura_system_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5935AB-8E13-4CD5-8CAE-91A9C5786880",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificaci\u00f3n NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podr\u00eda permitir que un usuario malintencionado remoto cause una Denegaci\u00f3n de servicio."
}
],
"id": "CVE-2016-5285",
"lastModified": "2024-11-21T02:53:59.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-15T16:15:10.110",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/94349"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-3163-1"
},
{
"source": "security@mozilla.org",
"url": "https://bto.bluecoat.com/security-advisory/sa137"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3163-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-46"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-23 21:15
Modified
2024-11-21 05:36
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
References
| ▼ | URL | Tags | |
|---|---|---|---|
| securityalerts@avaya.com | https://downloads.avaya.com/css/P8/documents/101075451 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://downloads.avaya.com/css/P8/documents/101075451 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | session_border_controller_for_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:avaya:session_border_controller_for_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "078C3F96-CA3A-4C3D-8586-7157A350DB30",
"versionEndExcluding": "8.1.2.0",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en Avaya Session Border Controller for Enterprise, podr\u00eda permitir a un atacante remoto autenticado enviar mensajes especialmente dise\u00f1ados y ejecutar comandos arbitrarios con los privilegios del sistema afectado.\u0026#xa0;Las versiones afectadas de Avaya Session Border Controller for Enterprise incluyen versiones 7.x, 8.0 hasta 8.1.1.x"
}
],
"id": "CVE-2020-7034",
"lastModified": "2024-11-21T05:36:31.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "securityalerts@avaya.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-23T21:15:08.017",
"references": [
{
"source": "securityalerts@avaya.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"sourceIdentifier": "securityalerts@avaya.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "securityalerts@avaya.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-7034
Vulnerability from cvelistv5
Published
2021-04-23 20:15
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x
References
| ▼ | URL | Tags |
|---|---|---|
| https://downloads.avaya.com/css/P8/documents/101075451 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Avaya | Session Border Controller for Enterprise |
Version: 7.x Version: 8.0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Session Border Controller for Enterprise",
"vendor": "Avaya",
"versions": [
{
"status": "affected",
"version": "7.x"
},
{
"lessThanOrEqual": "8.1.1.x",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T20:15:15",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
],
"source": {
"advisory": "ASA-2021-031"
},
"title": "Command injection in Avaya Session Border Controller for Enterprise",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC": "2021-04-23T06:00:00.000Z",
"ID": "CVE-2020-7034",
"STATE": "PUBLIC",
"TITLE": "Command injection in Avaya Session Border Controller for Enterprise"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Session Border Controller for Enterprise",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_name": "8.0",
"version_value": "8.1.1.x"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "7.x",
"version_value": "7.x"
}
]
}
}
]
},
"vendor_name": "Avaya"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101075451",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101075451"
}
]
},
"source": {
"advisory": "ASA-2021-031"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2020-7034",
"datePublished": "2021-04-23T20:15:15.818773Z",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-09-16T23:06:35.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5285
Vulnerability from cvelistv5
Published
2019-11-15 15:44
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94349 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201701-46 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2016-2779.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-3163-1 | x_refsource_MISC | |
| https://bto.bluecoat.com/security-advisory/sa137 | x_refsource_MISC | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Mozilla | Network Security Services |
Version: 3.24 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94349"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3163-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa137"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Security Services",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "3.24"
}
]
}
],
"datePublic": "2016-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T19:53:19",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/94349"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-3163-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bto.bluecoat.com/security-advisory/sa137"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Security Services",
"version": {
"version_data": [
{
"version_value": "3.24"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
},
{
"name": "http://www.securityfocus.com/bid/94349",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/94349"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
},
{
"name": "https://security.gentoo.org/glsa/201701-46",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
},
{
"name": "http://www.ubuntu.com/usn/USN-3163-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-3163-1"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa137",
"refsource": "MISC",
"url": "https://bto.bluecoat.com/security-advisory/sa137"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-5285",
"datePublished": "2019-11-15T15:44:05",
"dateReserved": "2016-06-03T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}