CVE-2016-5285
published 2019-11-15CVE-2016-5285: A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey /…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
Affected
52 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avaya | aura_application_enablement_services | — | — |
| avaya | aura_application_enablement_services | 6.1 – 6.3.3 | — |
| avaya | aura_application_server_5300 | — | — |
| avaya | aura_communication_manager | — | — |
| avaya | aura_communication_manager | 6.0 – 6.3.117.0 | — |
| avaya | aura_communication_manager_messagint | — | — |
| avaya | aura_conferencing | — | — |
| avaya | aura_conferencing | — | — |
| avaya | aura_conferencing | — | — |
| avaya | aura_experience_portal | 6.0 – 7.1 | — |
| avaya | aura_messaging | — | — |
| avaya | aura_messaging | — | — |
| avaya | aura_session_manager | — | — |
| avaya | aura_session_manager | — | — |
| avaya | aura_session_manager | 6.3 – 6.3.18 | — |
| avaya | aura_system_manager | 6.3 – 6.3.18 | — |
| avaya | aura_system_manager | 7.0 – 7.0.1.3 | — |
| avaya | aura_system_platform_firmware | 6.3 – 6.4.0 | — |
| avaya | aura_utility_services | 6.3 – 6.3.14 | — |
| avaya | aura_utility_services | 7.0 – 7.0.1.2 | — |
| avaya | breeze_platform | 3.0 – 3.2 | — |
| avaya | call_management_system | — | — |
| avaya | call_management_system | 18.0.0.1 – 18.0.0.2 | — |
| avaya | cs1000e_cs1000m_signaling_server_firmware | 7.0 – 7.6 | — |
| avaya | cs1000e_firmware | 7.0 – 7.6 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH