CVE-2016-1950
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
Find out more about CVE-2016-1950 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Advanced Update Support 6.2 (nss-util) | RHSA-2016:0495 | 2016-03-23 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (nss-util) | RHSA-2016:0495 | 2016-03-23 |
| Red Hat Enterprise Linux Extended Update Support 6.6 (nss-util) | RHSA-2016:0495 | 2016-03-23 |
| Red Hat Enterprise Linux Extended Update Support 7.1 (nss-util) | RHSA-2016:0495 | 2016-03-23 |
| Red Hat Enterprise Linux 5 (nss) | RHSA-2016:0371 | 2016-03-09 |
| Red Hat Enterprise Linux Advanced Update Support 6.5 (nss-util) | RHSA-2016:0495 | 2016-03-23 |
| Red Hat Enterprise Linux 6 (nss-util) | RHSA-2016:0370 | 2016-03-09 |
| Red Hat Enterprise Linux 7 (nss-util) | RHSA-2016:0370 | 2016-03-09 |