exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2016-1979

Status Candidate

Overview

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.

Related Files

Debian Security Advisory 3688-1
Posted Oct 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3688-1 - Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4000, CVE-2015-7181, CVE-2015-7182, CVE-2015-7575, CVE-2016-1938, CVE-2016-1950, CVE-2016-1978, CVE-2016-1979, CVE-2016-2834
SHA-256 | b93966cf45b459b94721e41f799657ce1d921ea91d32c39e7fe841f2d97f11e7
Ubuntu Security Notice USN-2973-1
Posted May 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2973-1 - Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Hanno Boeck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1938, CVE-2016-1978, CVE-2016-1979, CVE-2016-2805, CVE-2016-2807
SHA-256 | d29c52273e7734f2eb886a43b5407681e67a0595f44c88105e13d3a3a39ba876
Debian Security Advisory 3576-1
Posted May 13, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3576-1 - Multiple security issues have been found in Icedove, Debian's version of lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2016-1979, CVE-2016-2805, CVE-2016-2807
SHA-256 | 05e7b4c1f39005760c9abd1a0ac619a912317ec016c2c8356dc9bb6fbfb07db5
Red Hat Security Advisory 2016-0684-01
Posted Apr 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0684-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix: A use-after-free flaw was found in the way NSS handled DHE and ECDHE handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | 5a2666975f30ed4ef9d32a6c94c6c7ee9af784cd8b1cb74c9e6c0bbd94cde00e
Red Hat Security Advisory 2016-0685-01
Posted Apr 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0685-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | 7142359029ecb55b91f8740bcc308885a4ca03d05377044d0945c59945dbfdaa
Red Hat Security Advisory 2016-0591-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0591-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | b4d37927706ed52b6f88aeba09a8fe9f5e48bb1850ac0233b2fc350696bfd23f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close