CVE-2016-8635

MEDIUM

NSS 3.21.x - Memory Corruption

Title source: llm

Description

It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.

Scores

CVSS v3 5.3
EPSS 0.0042
EPSS Percentile 61.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-320 CWE-358
Status published
Products (19)
mozilla/network_security_services 3.21 - 3.21.4
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.3
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_aus 7.6
... and 9 more
Published Aug 01, 2018
Tracked Since Feb 18, 2026