← Back

CVE-2016-5285

nvd nist
Published: Nov 15, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Affected (99)

Products: Mozilla: Nss · Debian: Debian Linux · Redhat: Enterprise Linux · +2 more
Show all products
Mozilla: Nss · Debian: Debian Linux · Redhat: Enterprise Linux · Suse: Linux Enterprise Server · Avaya: Aura Application Enablement Services, Aura Application Server 5300, Aura Communication Manager, Aura Communication Manager Messagint, Breeze Platform, Call Management System, Iq, Cs1000e Firmware, Cs1000m Firmware, Cs1000e/cs1000m Signaling Server Firmware, Aura Conferencing, Aura Experience Portal, Ip Office, Aura Messaging, Aura Session Manager, Aura System Manager, Aura Utility Services, Meeting Exchange, Message Networking, One X Client Enablement Services, Proactive Contact, Session Border Controller For Enterprise Firmware, Aura System Platform Firmware
Mozilla
1 product
Nss
Debian
1 product
Debian Linux
Redhat
1 product
Enterprise Linux
Suse
1 product
Linux Enterprise Server
Avaya
23 products
Aura Application Enablement Services
Aura Application Server 5300
Aura Communication Manager
Aura Communication Manager Messagint
Breeze Platform
Call Management System
Iq
Cs1000e Firmware
Cs1000m Firmware
Cs1000e/cs1000m Signaling Server Firmware
Aura Conferencing
Aura Experience Portal
Ip Office
Aura Messaging
Aura Session Manager
Aura System Manager
Aura Utility Services
Meeting Exchange
Message Networking
One X Client Enablement Services
Proactive Contact
Session Border Controller For Enterprise Firmware
Aura System Platform Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Nss
Before 3.26
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 5.0
Enterprise Linux
Version 6.0
Enterprise Linux
Version 7.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Enterprise Server
Version 11 sp2
Configuration E
30 vulnerable
Vulnerable SoftwareAffected Versions
Avaya
Aura Application Enablement Services
From 6.1 to 6.3.3
Aura Application Enablement Services
Version 7.0
Avaya
Aura Application Server 5300
Version 3.0
Aura Application Server 5300
Version 3.0 sp10.1
Aura Application Server 5300
Version 3.0 sp10
Aura Application Server 5300
Version 3.0 sp11.1
Aura Application Server 5300
Version 3.0 sp11
Aura Application Server 5300
Version 3.0 sp12.1
Aura Application Server 5300
Version 3.0 sp12.2
Aura Application Server 5300
Version 3.0 sp12.3
Aura Application Server 5300
Version 3.0 sp12.5
Aura Application Server 5300
Version 3.0 sp12
Aura Application Server 5300
Version 3.0 sp1
Aura Application Server 5300
Version 3.0 sp3
Aura Application Server 5300
Version 3.0 sp5
Aura Application Server 5300
Version 3.0 sp7
Avaya
Aura Communication Manager
From 6.0 to 6.3.117.0
Aura Communication Manager
Version 7.0
Aura Communication Manager
Version 7.0 sp3
Aura Communication Manager
Version 7.0 sp
Avaya
Aura Communication Manager Messagint
Version 7.0
Aura Communication Manager Messagint
Version 7.0 sp1
Breeze Platform
From 3.0 to 3.2
Avaya
Call Management System
From 18.0.0.1 to 18.0.0.2
Call Management System
Version 17.0
Call Management System
Version 17.0 r3
Call Management System
Version 17.0 r4
Call Management System
Version 17.0 r5
Call Management System
Version 17.0 r6
Iq
Version 5.2.x
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cs1000e Firmware
From 7.0 to 7.6
Running on/withPlatform Versions
Avaya
Cs1000e
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cs1000m Firmware
From 7.0 to 7.6
Running on/withPlatform Versions
Avaya
Cs1000m
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cs1000e/cs1000m Signaling Server Firmware
From 7.0 to 7.6
Running on/withPlatform Versions
Avaya
Cs1000e/cs1000m Signaling Server
All versions
Configuration I
10 vulnerable
Vulnerable SoftwareAffected Versions
Avaya
Aura Conferencing
Version 7.0
Aura Conferencing
Version 7.2
Aura Conferencing
Version 8.0
Aura Conferencing
Version 8.0 sp2
Aura Conferencing
Version 8.0 sp4
Aura Conferencing
Version 8.0 sp5
Aura Conferencing
Version 8.0 sp7
Aura Conferencing
Version 8.0 sp8
Aura Conferencing
Version 8.0 sp9
Aura Experience Portal
From 6.0 to 7.1
Configuration J
21 vulnerable
Vulnerable SoftwareAffected Versions
Avaya
Ip Office
Version 10.0
Ip Office
Version 10.0 sp1
Ip Office
Version 10.0 sp2
Ip Office
Version 10.0 sp3
Ip Office
Version 10.0 sp4
Ip Office
Version 10.0 sp5
Ip Office
Version 10.0 sp6
Ip Office
Version 10.0 sp7
Ip Office
Version 8.1
Ip Office
Version 9.1
Ip Office
Version 9.1 sp10
Ip Office
Version 9.1 sp11
Ip Office
Version 9.1 sp12
Ip Office
Version 9.1 sp1
Ip Office
Version 9.1 sp3
Ip Office
Version 9.1 sp4
Ip Office
Version 9.1 sp5
Ip Office
Version 9.1 sp6
Ip Office
Version 9.1 sp7
Ip Office
Version 9.1 sp8
Ip Office
Version 9.1 sp9
Configuration K
24 vulnerable
Vulnerable SoftwareAffected Versions
Avaya
Aura Messaging
Version 6.3.3
Aura Messaging
Version 6.3.3 sp4
Aura Messaging
Version 6.3.3 sp5
Aura Messaging
Version 6.3.3 sp6
Aura Messaging
Version 6.3
Avaya
Aura Session Manager
From 6.3 to 6.3.18
Aura Session Manager
Version 7.0.1
Aura Session Manager
Version 7.0.1 sp1
Aura Session Manager
Version 7.0.1 sp2
Aura Session Manager
Version 7.0
Aura Session Manager
Version 7.0 sp1
Aura Session Manager
Version 7.0 sp2
Avaya
Aura System Manager
From 6.3 to 6.3.18
Aura System Manager
From 7.0 to 7.0.1.3
Avaya
Aura Utility Services
From 6.3 to 6.3.14
Aura Utility Services
From 7.0 to 7.0.1.2
Avaya
Meeting Exchange
Version 6.2
Meeting Exchange
Version 6.2 sp3
Message Networking
From 5.2 to 6.3
Avaya
One X Client Enablement Services
Version 6.2
One X Client Enablement Services
Version 6.2 sp1
One X Client Enablement Services
Version 6.2 sp2
One X Client Enablement Services
Version 6.2 sp5
Proactive Contact
From 5.0 to 5.1.2
Configuration L
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Avaya
Session Border Controller For Enterprise Firmware
From 6.2 to 6.3
Session Border Controller For Enterprise Firmware
From 7.0 to 7.1
Running on/withPlatform Versions
Avaya
Session Border Controller For Enterprise
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Aura System Platform Firmware
From 6.3 to 6.4.0
Running on/withPlatform Versions
Avaya
Aura System Platform
All versions

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (18)

Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: security@mozilla.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.