Bug 970257 - (CVE-2016-1950) VUL-0: CVE-2016-1950: mozilla-nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
VUL-0: CVE-2016-1950: mozilla-nss: Heap buffer overflow vulnerability in ASN1...
Status: RESOLVED DUPLICATE of bug 969894
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P1 - Urgent : Major
: ---
Assigned To: Petr Cerny
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2016-03-09 10:45 UTC by Victor Pereira
Modified: 2019-05-01 17:05 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2016-03-09 10:45:00 UTC

A heap-based buffer overflow was found in the ASN.1 parsing code of NSS. A remote attacker could create a specially-crafted certificate, which when parsed by NSS, could the application linked with NSS to crash or potentially execute code with the permission of the user running such an application.

Applications such as web browsers which parse untrusted web content are specially vulnerable to this issue.

Comment 2 Marcus Meissner 2016-03-16 09:29:34 UTC
updates were tracked in bug 969894

*** This bug has been marked as a duplicate of bug 969894 ***