CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Published: Nov 15, 2019
Updated: Nov 9, 2025
CVE: CVE-2016-5285
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
mozilla / nss	-	3.26
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux	5.0	5.0.x
suse / linux_enterprise_server	11-sp2	11-sp2.x
avaya / call_management_system	17.0-r3	17.0-r3.x
avaya / call_management_system	17.0-r4	17.0-r4.x
avaya / call_management_system	17.0-r5	17.0-r5.x
avaya / call_management_system	17.0-r6	17.0-r6.x
avaya / call_management_system	17.0	17.0.x
avaya / breeze_platform	3.0	3.2.x
avaya / iq	5.2.x	5.2.x.x
avaya / aura_application_server_5300	3.0-sp1	3.0-sp1.x
avaya / aura_application_server_5300	3.0-sp3	3.0-sp3.x
avaya / aura_application_server_5300	3.0-sp5	3.0-sp5.x
avaya / aura_application_server_5300	3.0-sp10.1	3.0-sp10.1.x
avaya / aura_application_server_5300	3.0-sp11.1	3.0-sp11.1.x
avaya / aura_application_server_5300	3.0-sp12.1	3.0-sp12.1.x
avaya / aura_application_server_5300	3.0-sp7	3.0-sp7.x
avaya / aura_application_server_5300	3.0-sp10	3.0-sp10.x
avaya / aura_application_server_5300	3.0-sp11	3.0-sp11.x
avaya / aura_application_server_5300	3.0-sp12	3.0-sp12.x
avaya / aura_application_server_5300	3.0-sp12.2	3.0-sp12.2.x
avaya / aura_application_server_5300	3.0-sp12.3	3.0-sp12.3.x
avaya / aura_application_server_5300	3.0-sp12.5	3.0-sp12.5.x
avaya / aura_application_server_5300	3.0	3.0.x
avaya / aura_application_enablement_services	7.0	7.0.x
avaya / aura_application_enablement_services	6.1	6.3.3.x
avaya / aura_communication_manager_messagint	7.0-sp1	7.0-sp1.x
avaya / aura_communication_manager_messagint	7.0	7.0.x
avaya / aura_communication_manager	7.0-sp	7.0-sp.x
avaya / aura_communication_manager	7.0-sp3	7.0-sp3.x
avaya / aura_communication_manager	7.0	7.0.x
avaya / aura_communication_manager	6.0	6.3.117.0.x
avaya / call_management_system	18.0.0.1	18.0.0.2.x
avaya / cs1000e_firmware	7.0	7.6.x
avaya / cs1000m_firmware	7.0	7.6.x
avaya / cs1000e/cs1000m_signaling_server_firmware	7.0	7.6.x
avaya / aura_conferencing	8.0-sp2	8.0-sp2.x
avaya / aura_conferencing	8.0-sp4	8.0-sp4.x
avaya / aura_conferencing	8.0-sp5	8.0-sp5.x
avaya / aura_conferencing	8.0-sp7	8.0-sp7.x
avaya / aura_conferencing	8.0-sp8	8.0-sp8.x
avaya / aura_conferencing	8.0	8.0.x
avaya / aura_experience_portal	6.0	7.1.x
avaya / aura_conferencing	8.0-sp9	8.0-sp9.x
avaya / aura_conferencing	7.0	7.0.x
avaya / aura_conferencing	7.2	7.2.x
avaya / ip_office	9.1-sp1	9.1-sp1.x
avaya / ip_office	9.1-sp3	9.1-sp3.x
avaya / ip_office	9.1-sp4	9.1-sp4.x
avaya / ip_office	9.1-sp5	9.1-sp5.x
avaya / ip_office	9.1-sp6	9.1-sp6.x
avaya / ip_office	9.1-sp7	9.1-sp7.x
avaya / ip_office	9.1-sp8	9.1-sp8.x
avaya / ip_office	9.1-sp9	9.1-sp9.x
avaya / ip_office	9.1-sp10	9.1-sp10.x
avaya / ip_office	9.1-sp11	9.1-sp11.x
avaya / ip_office	9.1-sp12	9.1-sp12.x
avaya / ip_office	10.0-sp1	10.0-sp1.x
avaya / ip_office	10.0-sp2	10.0-sp2.x
avaya / ip_office	10.0-sp3	10.0-sp3.x
avaya / ip_office	10.0-sp4	10.0-sp4.x
avaya / ip_office	10.0-sp5	10.0-sp5.x
avaya / ip_office	10.0-sp6	10.0-sp6.x
avaya / ip_office	10.0-sp7	10.0-sp7.x
avaya / ip_office	8.1	8.1.x
avaya / ip_office	9.1	9.1.x
avaya / ip_office	10.0	10.0.x
avaya / proactive_contact	5.0	5.1.2.x
avaya / one-x_client_enablement_services	6.2-sp1	6.2-sp1.x
avaya / one-x_client_enablement_services	6.2-sp2	6.2-sp2.x
avaya / one-x_client_enablement_services	6.2-sp5	6.2-sp5.x
avaya / one-x_client_enablement_services	6.2	6.2.x
avaya / aura_messaging	6.3.3	6.3.3.x
avaya / aura_messaging	6.3.3-sp4	6.3.3-sp4.x
avaya / aura_messaging	6.3.3-sp5	6.3.3-sp5.x
avaya / aura_messaging	6.3.3-sp6	6.3.3-sp6.x
avaya / aura_messaging	6.3	6.3.x
avaya / message_networking	5.2	6.3.x
avaya / meeting_exchange	6.2-sp3	6.2-sp3.x
avaya / meeting_exchange	6.2	6.2.x
avaya / aura_utility_services	7.0	7.0.1.2.x
avaya / aura_utility_services	6.3	6.3.14.x
avaya / aura_session_manager	6.3	6.3.18.x
avaya / aura_session_manager	7.0	7.0.x
avaya / aura_session_manager	7.0-sp1	7.0-sp1.x
avaya / aura_session_manager	7.0-sp2	7.0-sp2.x
avaya / aura_session_manager	7.0.1	7.0.1.x
avaya / aura_session_manager	7.0.1-sp1	7.0.1-sp1.x
avaya / aura_session_manager	7.0.1-sp2	7.0.1-sp2.x
avaya / aura_system_manager	6.3	6.3.18.x
avaya / aura_system_manager	7.0	7.0.1.3.x
avaya / session_border_controller_for_enterprise_firmware	6.2	6.3.x
avaya / session_border_controller_for_enterprise_firmware	7.0	7.1.x
avaya / aura_system_platform_firmware	6.3	6.4.0.x

Vulnerability Database

300,445

CVE-2016-5285

Deep Security Visibility Without the Complexity