A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors | Products |
---|---|
Redhat |
|
Suse |
|
Avaya |
|
Mozilla |
|
Debian |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
AND |
|
Configuration 7 [-]
AND |
|
Configuration 8 [-]
AND |
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
AND |
|
Configuration 13 [-]
AND |
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2019-11-15T15:44:05
Updated: 2020-01-09T19:53:19
Reserved: 2016-06-03T00:00:00
Link: CVE-2016-5285
JSON object: View
NVD Information
Status : Modified
Published: 2019-11-15T16:15:10.110
Modified: 2020-01-09T20:15:10.723
Link: CVE-2016-5285
JSON object: View
Redhat Information
No data.
CWE