CVE-2016-8635

CWE-358 CWE-3209 documents8 sources

Severity

5.9MEDIUM

EPSS

0.4%

top 38.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Network Security Services Mozilla NSS Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedAug 1

Latest updateMay 13

Description

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶Debiannss< 2:3.25-1+3

▶NVDmozilla/network_security_services3.21 — 3.21.4

▶CVEListV5mozilla/nss3.21.x

▶NVDredhat/enterprise_linux_server5.0, 6.0, 7.0+2

▶NVDredhat/enterprise_linux_desktop5.0, 6.0, 7.0+2

Also affects: Enterprise Linux 7.3, 7.4, 7.6, 7.5

🔴Vulnerability Details

GHSA

GHSA-j6rc-c6gr-mf89: It was found that Diffie Hellman Client key exchange handling in NSS 3↗2022-05-13

▶

OSV

CVE-2016-8635: It was found that Diffie Hellman Client key exchange handling in NSS 3↗2018-08-01

▶

CVEList

CVE-2016-8635: It was found that Diffie Hellman Client key exchange handling in NSS 3↗2018-08-01

▶

OSV

nss vulnerabilities↗2017-01-04

▶

📋Vendor Advisories

Ubuntu

NSS vulnerabilities↗2017-01-04

▶

Red Hat

nss: small-subgroups attack flaw↗2016-11-16

▶

Debian

CVE-2016-8635: nss - It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was ...↗2016

▶

💬Community

Bugzilla

CVE-2016-8635 nss: small-subgroups attack flaw↗2016-11-04

▶