fkie_nvd - fkie_cve-2016-1950

FKIE_CVE-2016-1950

Vulnerability from fkie_nvd - Published: 2016-03-13 18:59 - Updated: 2025-04-12 10:46

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

References

URL	Tags
security@mozilla.org	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Mailing List
security@mozilla.org	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	Mailing List
security@mozilla.org	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	Mailing List
security@mozilla.org	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Mailing List
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	Third Party Advisory
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2016-0495.html
security@mozilla.org	http://www.debian.org/security/2016/dsa-3510
security@mozilla.org	http://www.debian.org/security/2016/dsa-3520
security@mozilla.org	http://www.debian.org/security/2016/dsa-3688
security@mozilla.org	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	Vendor Advisory
security@mozilla.org	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
security@mozilla.org	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Third Party Advisory
security@mozilla.org	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Third Party Advisory
security@mozilla.org	http://www.securityfocus.com/bid/84223
security@mozilla.org	http://www.securitytracker.com/id/1035215
security@mozilla.org	http://www.ubuntu.com/usn/USN-2917-1
security@mozilla.org	http://www.ubuntu.com/usn/USN-2917-2
security@mozilla.org	http://www.ubuntu.com/usn/USN-2917-3
security@mozilla.org	http://www.ubuntu.com/usn/USN-2924-1
security@mozilla.org	http://www.ubuntu.com/usn/USN-2934-1
security@mozilla.org	https://bto.bluecoat.com/security-advisory/sa119
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	Issue Tracking
security@mozilla.org	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	Release Notes
security@mozilla.org	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	Release Notes
security@mozilla.org	https://security.gentoo.org/glsa/201605-06
security@mozilla.org	https://support.apple.com/HT206166	Third Party Advisory
security@mozilla.org	https://support.apple.com/HT206167	Third Party Advisory
security@mozilla.org	https://support.apple.com/HT206168	Third Party Advisory
security@mozilla.org	https://support.apple.com/HT206169	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-0495.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3510
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3520
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3688
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/84223
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035215
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2917-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2917-2
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2917-3
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2924-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2934-1
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa119
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201605-06
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206166	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206167	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206168	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206169	Third Party Advisory

Impacted products

Vendor	Product	Version
mozilla	network_security_services	3.19.2
mozilla	network_security_services	3.20
mozilla	network_security_services	3.20.1
mozilla	network_security_services	3.21
mozilla	firefox	*
mozilla	firefox	38.0
mozilla	firefox	38.0.1
mozilla	firefox	38.0.5
mozilla	firefox	38.1.0
mozilla	firefox	38.1.1
mozilla	firefox	38.2.0
mozilla	firefox	38.2.1
mozilla	firefox	38.3.0
mozilla	firefox	38.4.0
mozilla	firefox	38.5.0
mozilla	firefox	38.5.1
mozilla	firefox	38.6.0
mozilla	firefox	38.6.1
oracle	linux	5.0
oracle	linux	6
oracle	linux	7
oracle	vm_server	3.2
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*
oracle	glassfish_server	2.1.1
oracle	iplanet_web_proxy_server	4.0
oracle	iplanet_web_server	7.0
oracle	linux	5.0
oracle	linux	6
oracle	linux	7
opensuse	opensuse	13.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "052B697D-EF07-43AD-A2FF-4A2CCE3540A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "5648F313-022B-45A7-8C65-C757A28D3886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED6B6EF-D19A-474B-893E-6A0C5BCF0356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9E67E8-CD01-4E19-9003-7E31A0942DB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2CA2CAD-3088-47C2-AE3A-607E6064E9BE",
              "versionEndIncluding": "44.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2765E663-C9CF-476A-B7A8-6F02D0E2D72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B4E871-0ACB-4EC5-8392-EAD0DF25E64B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "435D6EF5-C879-4121-9D47-EF2236E53409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5963D11-D2F4-40A7-81CE-E034C91FCCBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB022A7-B792-4AC0-B2CF-AF6F384AE719",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FEC7F7E-AA94-4405-93D6-D0194A37D3C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237",
              "versionEndIncluding": "9.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
              "versionEndIncluding": "10.11.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A",
              "versionEndIncluding": "9.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF14807-BA21-480B-9ED0-A6D53352E87F",
              "versionEndIncluding": "2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9E3545-A799-427A-8FE4-1E8231A7A284",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A972CA67-3909-4E9A-B8FC-7AAE5126528A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate."
    },
    {
      "lang": "es",
      "value": "El desbordamiento de buffer basado en memoria din\u00e1mica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos ASN.1 manipulados en un certificado X.509.\""
    }
  ],
  "id": "CVE-2016-1950",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-13T18:59:00.193",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2016/dsa-3510"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2016/dsa-3520"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2016/dsa-3688"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/84223"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1035215"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2917-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2917-2"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2917-3"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2924-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2934-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bto.bluecoat.com/security-advisory/sa119"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201605-06"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206166"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206167"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206168"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/84223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2917-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2917-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2917-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2924-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2934-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bto.bluecoat.com/security-advisory/sa119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201605-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT206169"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2016-1950 (GCVE-0-2016-1950)

Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://bto.bluecoat.com/security-advisory/sa119	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3688	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.mozilla.org/security/announce/2016/mfs…	x_refsource_CONFIRM
	https://support.apple.com/HT206167	x_refsource_CONFIRM
	https://support.apple.com/HT206168	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/84223	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2917-1	vendor-advisoryx_refsource_UBUNTU
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.debian.org/security/2016/dsa-3520	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3510	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2924-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securitytracker.com/id/1035215	vdb-entryx_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201605-06	vendor-advisoryx_refsource_GENTOO
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.ubuntu.com/usn/USN-2934-1	vendor-advisoryx_refsource_UBUNTU
	https://support.apple.com/HT206169	x_refsource_CONFIRM
	https://developer.mozilla.org/en-US/docs/Mozilla/…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0495.html	vendor-advisoryx_refsource_REDHAT
	https://developer.mozilla.org/en-US/docs/Mozilla/…	x_refsource_CONFIRM
	https://support.apple.com/HT206166	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2917-2	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2917-3	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:40.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa119"
          },
          {
            "name": "DSA-3688",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3688"
          },
          {
            "name": "openSUSE-SU-2016:1557",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206167"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206168"
          },
          {
            "name": "84223",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84223"
          },
          {
            "name": "SUSE-SU-2016:0820",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2016:0731",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
          },
          {
            "name": "SUSE-SU-2016:0727",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "USN-2917-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2917-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
          },
          {
            "name": "DSA-3520",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3520"
          },
          {
            "name": "SUSE-SU-2016:0909",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
          },
          {
            "name": "DSA-3510",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3510"
          },
          {
            "name": "openSUSE-SU-2016:0733",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
          },
          {
            "name": "USN-2924-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2924-1"
          },
          {
            "name": "1035215",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035215"
          },
          {
            "name": "SUSE-SU-2016:0777",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "GLSA-201605-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201605-06"
          },
          {
            "name": "APPLE-SA-2016-03-21-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
          },
          {
            "name": "USN-2934-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2934-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206169"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
          },
          {
            "name": "RHSA-2016:0495",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206166"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
          },
          {
            "name": "USN-2917-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2917-2"
          },
          {
            "name": "USN-2917-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2917-3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa119"
        },
        {
          "name": "DSA-3688",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3688"
        },
        {
          "name": "openSUSE-SU-2016:1557",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
        },
        {
          "name": "APPLE-SA-2016-03-21-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206167"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206168"
        },
        {
          "name": "84223",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84223"
        },
        {
          "name": "SUSE-SU-2016:0820",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "APPLE-SA-2016-03-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2016:0731",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
        },
        {
          "name": "SUSE-SU-2016:0727",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "USN-2917-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2917-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "APPLE-SA-2016-03-21-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
        },
        {
          "name": "DSA-3520",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3520"
        },
        {
          "name": "SUSE-SU-2016:0909",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
        },
        {
          "name": "DSA-3510",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3510"
        },
        {
          "name": "openSUSE-SU-2016:0733",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
        },
        {
          "name": "USN-2924-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2924-1"
        },
        {
          "name": "1035215",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035215"
        },
        {
          "name": "SUSE-SU-2016:0777",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "GLSA-201605-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201605-06"
        },
        {
          "name": "APPLE-SA-2016-03-21-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
        },
        {
          "name": "USN-2934-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2934-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206169"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
        },
        {
          "name": "RHSA-2016:0495",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206166"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
        },
        {
          "name": "USN-2917-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2917-2"
        },
        {
          "name": "USN-2917-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2917-3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2016-1950",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa119",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa119"
            },
            {
              "name": "DSA-3688",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3688"
            },
            {
              "name": "openSUSE-SU-2016:1557",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
            },
            {
              "name": "https://support.apple.com/HT206167",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "https://support.apple.com/HT206168",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "84223",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84223"
            },
            {
              "name": "SUSE-SU-2016:0820",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "SUSE-SU-2016:0727",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "USN-2917-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "DSA-3520",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3520"
            },
            {
              "name": "SUSE-SU-2016:0909",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
            },
            {
              "name": "DSA-3510",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3510"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "USN-2924-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2924-1"
            },
            {
              "name": "1035215",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "SUSE-SU-2016:0777",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "GLSA-201605-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "name": "USN-2934-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2934-1"
            },
            {
              "name": "https://support.apple.com/HT206169",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206169"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"
            },
            {
              "name": "RHSA-2016:0495",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0495.html"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
            },
            {
              "name": "https://support.apple.com/HT206166",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206166"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
            },
            {
              "name": "USN-2917-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2016-1950",
    "datePublished": "2016-03-13T18:00:00",
    "dateReserved": "2016-01-20T00:00:00",
    "dateUpdated": "2024-08-05T23:10:40.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2016-1950

CVE-2016-1950 (GCVE-0-2016-1950)

Tags

Sightings

Nomenclature