Home CVE Database CVE-2016-1979

CVE-2016-1979

Description

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.CWE-416: Use After Free

Priority: MEDIUM
CVSS v3: 8.8
Publish Date: Mar 13, 2016
Related ID: --
CVSS v2: High
Modified Date: Mar 18, 2016

Find out more about CVE-2016-1979 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

nss

Live chat
Online