CVE-2016-1950

CWE-119 — Buffer Overflow19 documents10 sources

Severity

8.8HIGH

EPSS

1.9%

top 16.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +9 more

Timeline

PublishedMar 13

Latest updateMay 13

Description

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages15 packages

▶NVDmozilla/network_security_services4 versions+3

▶NVDmozilla/firefox44.0.2+13

▶Ubuntufirefox< 45.0+build2-0ubuntu0.14.04.1

▶Debianfirefox-esr< 45.0esr-1+3

▶Debiannss< 2:3.23-1+3

🔴Vulnerability Details

GHSA

GHSA-8cv9-944x-284m: Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3↗2022-05-13

▶

Project0

CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability - Project Zero↗2022-04-01

▶

OSV

firefox regressions↗2016-04-19

▶

OSV

firefox regressions↗2016-04-07

▶

CVEList

CVE-2016-1950: Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3↗2016-03-13

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2016-04-27

▶

Ubuntu

NSS vulnerability↗2016-03-09

▶

Ubuntu

Firefox vulnerabilities↗2016-03-09

▶

Red Hat

nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)↗2016-03-08

▶

Debian

CVE-2016-1950: firefox - Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.1...↗2016

▶

💬Community

Bugzilla

CVE-2016-1950 nss-util: nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35) [fedora-all]↗2016-03-09

▶

Bugzilla

CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)↗2016-02-22

▶