Bug 970257 - (CVE-2016-1950) VUL-0: CVE-2016-1950: mozilla-nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
Status: RESOLVED DUPLICATE of bug 969894
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P1 - Urgent, Severity: Major
Assigned To: Petr Cerny
Security Team bot
https://smash.suse.de/issue/162870/
CVSSv2:RedHat:CVE-2016-1950:6.8:(AV:...
Reported: 2016-03-09 10:45 UTC by Victor Pereira
Modified: 2019-05-01 17:05 UTC
Found By: Security Response Team

Description Victor Pereira 2016-03-09 10:45:00 UTC
rh#1310509

A heap-based buffer overflow was found in the ASN.1 parsing code of NSS. A remote attacker could create a specially-crafted certificate, which when parsed by NSS, could cause the application linked with NSS to crash or potentially execute code with the permission of the user running such an application.

Applications such as web browsers which parse untrusted web content are especially vulnerable to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1310509
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1950
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1950.html
Comment 2 Marcus Meissner 2016-03-16 09:29:34 UTC
updates were tracked in bug 969894

*** This bug has been marked as a duplicate of bug 969894 ***