CVE-2016-5285
HIGHMozilla Nss < 3.26 - NULL Pointer Dereference
Title source: ruleDescription
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
References (9)
Scores
CVSS v3
7.5
EPSS
0.0158
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-476
Status
published
Affected Products (50)
mozilla/nss
< 3.26
debian/debian_linux
debian/debian_linux
debian/debian_linux
redhat/enterprise_linux
redhat/enterprise_linux
redhat/enterprise_linux
suse/linux_enterprise_server
avaya/aura_application_enablement_services
< 6.3.3
avaya/aura_application_enablement_services
avaya/aura_application_server_5300
avaya/aura_application_server_5300
avaya/aura_application_server_5300
avaya/aura_application_server_5300
avaya/aura_application_server_5300
... and 35 more
Timeline
Published
Nov 15, 2019
Tracked Since
Feb 18, 2026