CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Published: Mar 13, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1950
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
mozilla / network_security_services	3.19.2	3.19.2.x
mozilla / network_security_services	3.20	3.20.x
mozilla / network_security_services	3.20.1	3.20.1.x
mozilla / network_security_services	3.21	3.21.x
mozilla / firefox	-	44.0.2.x
mozilla / firefox_esr	38.0	38.0.x
mozilla / firefox_esr	38.0.1	38.0.1.x
mozilla / firefox_esr	38.0.5	38.0.5.x
mozilla / firefox_esr	38.1.0	38.1.0.x
mozilla / firefox_esr	38.1.1	38.1.1.x
mozilla / firefox_esr	38.2.0	38.2.0.x
mozilla / firefox_esr	38.2.1	38.2.1.x
mozilla / firefox_esr	38.3.0	38.3.0.x
mozilla / firefox_esr	38.4.0	38.4.0.x
mozilla / firefox_esr	38.5.0	38.5.0.x
mozilla / firefox_esr	38.5.1	38.5.1.x
mozilla / firefox_esr	38.6.0	38.6.0.x
mozilla / firefox_esr	38.6.1	38.6.1.x
oracle / linux	5.0	5.0.x
oracle / vm_server	3.2	3.2.x
oracle / linux	6	6.x
oracle / linux	7	7.x
apple / watchos	-	2.1.x
apple / iphone_os	-	9.2.1.x
apple / mac_os_x	-	10.11.3.x
apple / tvos	-	9.1.x
oracle / glassfish_server	2.1.1	2.1.1.x
oracle / iplanet_web_proxy_server	4.0	4.0.x
oracle / iplanet_web_server	7.0	7.0.x
opensuse / opensuse	13.1	13.1.x

Vulnerability Database

289,689

CVE-2016-1950