Vulnerability CVE-2016-5285


Published: 2019-11-15   Modified: 2019-11-16

Description:
A NULL pointer dereference vulnerability exists in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes a TLS/SSL server using NSS to crash.

Type: CWE-476 (NULL Pointer Dereference)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
SUSE -> Linux enterprise server 
Redhat -> Enterprise linux 
Mozilla -> NSS 
Debian -> Debian linux 
Avaya -> Aura system manager 
Avaya -> Aura utility services 
Avaya -> Meeting exchange 
Avaya -> Message networking 
Avaya -> Aura application enablement services 
Avaya -> One-x client enablement services 
Avaya -> Aura application server 5300 
Avaya -> Proactive contact 
Avaya -> Aura communication manager 
Avaya -> Aura communication manager messaging
Avaya -> Breeze platform 
Avaya -> Call management system 
Avaya -> IQ 
Avaya -> Aura conferencing 
Avaya -> Aura experience portal 
Avaya -> Ip office 
Avaya -> Aura messaging 
Avaya -> Aura session manager 

References:
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5285
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5285
https://downloads.avaya.com/css/P8/documents/101033728
https://packetstormsecurity.com/files/cve/CVE-2016-5285
https://security-tracker.debian.org/tracker/CVE-2016-5285
https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-5285

Copyright 2020, cxsecurity.com
