CVE-2016-5285
Summary
| CVE | CVE-2016-5285 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-15 16:15:00 UTC |
| Updated | 2020-01-09 20:15:00 UTC |
| Description | A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. |
Risk And Classification
Problem Types: CWE-476
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Aura Application Enablement Services | 7.0 | All | All | All |
| Application | Avaya | Aura Application Enablement Services | All | All | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | - | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp1 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp10 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp10.1 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp11 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp11.1 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp12 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp12.1 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp12.2 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp12.3 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp12.5 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp3 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp5 | All | All |
| Application | Avaya | Aura Application Server 5300 | 3.0 | sp7 | All | All |
| Application | Avaya | Aura Communication Manager | 7.0 | - | All | All |
| Application | Avaya | Aura Communication Manager | 7.0 | sp | All | All |
| Application | Avaya | Aura Communication Manager | 7.0 | sp3 | All | All |
| Application | Avaya | Aura Communication Manager | All | All | All | All |
| Application | Avaya | Aura Communication Manager Messagint | 7.0 | - | All | All |
| Application | Avaya | Aura Communication Manager Messagint | 7.0 | sp1 | All | All |
| Application | Avaya | Aura Conferencing | 7.0 | All | All | All |
| Application | Avaya | Aura Conferencing | 7.2 | All | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | - | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp2 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp4 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp5 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp7 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp8 | All | All |
| Application | Avaya | Aura Conferencing | 8.0 | sp9 | All | All |
| Application | Avaya | Aura Experience Portal | All | All | All | All |
| Application | Avaya | Aura Messaging | 6.3 | All | All | All |
| Application | Avaya | Aura Messaging | 6.3.3 | - | All | All |
| Application | Avaya | Aura Messaging | 6.3.3 | sp4 | All | All |
| Application | Avaya | Aura Messaging | 6.3.3 | sp5 | All | All |
| Application | Avaya | Aura Messaging | 6.3.3 | sp6 | All | All |
| Application | Avaya | Aura Session Manager | 7.0 | - | All | All |
| Application | Avaya | Aura Session Manager | 7.0 | sp1 | All | All |
| Application | Avaya | Aura Session Manager | 7.0 | sp2 | All | All |
| Application | Avaya | Aura Session Manager | 7.0.1 | - | All | All |
| Application | Avaya | Aura Session Manager | 7.0.1 | sp1 | All | All |
| Application | Avaya | Aura Session Manager | 7.0.1 | sp2 | All | All |
| Application | Avaya | Aura Session Manager | All | All | All | All |
| Application | Avaya | Aura System Manager | All | All | All | All |
| Hardware | Avaya | Aura System Platform | - | All | All | All |
| Operating System | Avaya | Aura System Platform Firmware | All | All | All | All |
| Application | Avaya | Aura Utility Services | All | All | All | All |
| Application | Avaya | Breeze Platform | All | All | All | All |
| Application | Avaya | Call Management System | 17.0 | - | All | All |
| Application | Avaya | Call Management System | 17.0 | r3 | All | All |
| Application | Avaya | Call Management System | 17.0 | r4 | All | All |
| Application | Avaya | Call Management System | 17.0 | r5 | All | All |
| Application | Avaya | Call Management System | 17.0 | r6 | All | All |
| Application | Avaya | Call Management System | All | All | All | All |
| Hardware | Avaya | Cs1000e | - | All | All | All |
| Hardware | Avaya | Cs1000e/cs1000m Signaling Server | - | All | All | All |
| Operating System | Avaya | Cs1000e/cs1000m Signaling Server Firmware | All | All | All | All |
| Operating System | Avaya | Cs1000e Firmware | All | All | All | All |
| Hardware | Avaya | Cs1000m | - | All | All | All |
| Operating System | Avaya | Cs1000m Firmware | All | All | All | All |
| Application | Avaya | Ip Office | 10.0 | - | All | All |
| Application | Avaya | Ip Office | 10.0 | sp1 | All | All |
| Application | Avaya | Ip Office | 10.0 | sp2 | All | All |
| Application | Avaya | Ip Office | 10.0 | sp3 | All | All |
| Application | Avaya | Ip Office | 10.0 | sp4 | All | All |
| Application | Avaya | Ip Office | 10.0 | sp5 | All | All |
| Application | Avaya | Ip Office | 10.0 | sp6 | All | All |
| Application | Avaya | Ip Office | 10.0 | sp7 | All | All |
| Application | Avaya | Ip Office | 8.1 | All | All | All |
| Application | Avaya | Ip Office | 9.1 | - | All | All |
| Application | Avaya | Ip Office | 9.1 | sp1 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp10 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp11 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp12 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp3 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp4 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp5 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp6 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp7 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp8 | All | All |
| Application | Avaya | Ip Office | 9.1 | sp9 | All | All |
| Application | Avaya | Iq | 5.2.x | All | All | All |
| Application | Avaya | Meeting Exchange | 6.2 | - | All | All |
| Application | Avaya | Meeting Exchange | 6.2 | sp3 | All | All |
| Application | Avaya | Message Networking | All | All | All | All |
| Application | Avaya | One-x Client Enablement Services | 6.2 | - | All | All |
| Application | Avaya | One-x Client Enablement Services | 6.2 | sp1 | All | All |
| Application | Avaya | One-x Client Enablement Services | 6.2 | sp2 | All | All |
| Application | Avaya | One-x Client Enablement Services | 6.2 | sp5 | All | All |
| Application | Avaya | Proactive Contact | All | All | All | All |
| Hardware | Avaya | Session Border Controller For Enterprise | - | All | All | All |
| Operating System | Avaya | Session Border Controller For Enterprise Firmware | All | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Mozilla | Nss | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Broadcom Support Portal | MISC | bto.bluecoat.com | |
| USN-3163-1: NSS vulnerabilities \| Ubuntu | MISC | www.ubuntu.com | |
| Mozilla Network Security Service (NSS): Multiple vulnerabilities (GLSA 201701-46) — Gentoo security | MISC | security.gentoo.org | |
| [security-announce] SUSE-SU-2016:3014-1: important: Security update for | MISC | lists.opensuse.org | |
| [security-announce] SUSE-SU-2016:3105-1: important: Security update for | MISC | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] SUSE-SU-2016:3080-1: important: Security update for | MISC | lists.opensuse.org | |
| Red Hat Customer Portal | MISC | rhn.redhat.com | |
| 1306103 - (CVE-2016-5285) Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash | CONFIRM | bugzilla.mozilla.org | |
| Mozilla Network Security Services CVE-2016-5285 Denial of Service Vulnerability | MISC | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710518 Gentoo Linux Mozilla Network Security Service (NSS) Multiple Vulnerabilities (GLSA 201701-46)