What is the severity of CVE-2016-5285?

CVE-2016-5285 has been classified as a high severity vulnerability due to its potential for causing Denial of Service attacks.

How do I fix CVE-2016-5285?

To fix CVE-2016-5285, upgrade Mozilla Network Security Services to version 3.26 or later.

What is affected by CVE-2016-5285?

CVE-2016-5285 affects multiple platforms including specific versions of Mozilla NSS, Debian Linux, Red Hat Enterprise Linux, and Avaya products.

What happens if I don't address CVE-2016-5285?

Failure to address CVE-2016-5285 could lead to potential Denial of Service, disrupting services for users.

Who is primarily affected by CVE-2016-5285?

Organizations using affected versions of Mozilla NSS or its derivatives in critical applications are primarily impacted by CVE-2016-5285.

Vulnerability/
CVE-2016-5285

high

7.5

CWE

476

15/11/2019

6/8/2024

CVE-2016-5285: Null Pointer Dereference

First published: Fri Nov 15 2019(Updated: )

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Network Security Services (NSS)	<3.26
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Red Hat Enterprise Linux	=5.0
Red Hat Enterprise Linux	=6.0
Red Hat Enterprise Linux	=7.0
SUSE Linux Enterprise Server	=11-sp2
Avaya Aura Application Enablement Services	>=6.1<=6.3.3
Avaya Aura Application Enablement Services	=7.0
Avaya Aura Application Server 5300	=3.0
Avaya Aura Application Server 5300	=3.0-sp1
Avaya Aura Application Server 5300	=3.0-sp10
Avaya Aura Application Server 5300	=3.0-sp10.1
Avaya Aura Application Server 5300	=3.0-sp11
Avaya Aura Application Server 5300	=3.0-sp11.1
Avaya Aura Application Server 5300	=3.0-sp12
Avaya Aura Application Server 5300	=3.0-sp12.1
Avaya Aura Application Server 5300	=3.0-sp12.2
Avaya Aura Application Server 5300	=3.0-sp12.3
Avaya Aura Application Server 5300	=3.0-sp12.5
Avaya Aura Application Server 5300	=3.0-sp3
Avaya Aura Application Server 5300	=3.0-sp5
Avaya Aura Application Server 5300	=3.0-sp7
Avaya Aura Communication Manager	>=6.0<=6.3.117.0
Avaya Aura Communication Manager	=7.0
Avaya Aura Communication Manager	=7.0-sp
Avaya Aura Communication Manager	=7.0-sp3
Avaya Aura Communication Manager Messaging	=7.0
Avaya Aura Communication Manager Messaging	=7.0-sp1
Avaya Breeze Platform	>=3.0<=3.2
Avaya Call Management System	>=18.0.0.1<=18.0.0.2
Avaya Call Management System	=17.0
Avaya Call Management System	=17.0-r3
Avaya Call Management System	=17.0-r4
Avaya Call Management System	=17.0-r5
Avaya Call Management System	=17.0-r6
Avaya IQ	=5.2.x
Avaya CS1000E/CS1000M Signaling Server Firmware	>=7.0<=7.6
Avaya CS1000E Firmware
Avaya CS1000M Firmware	>=7.0<=7.6
Avaya CS1000M Firmware
Avaya CS1000E/CS1000M Signaling Server Firmware	>=7.0<=7.6
Avaya CS1000E/CS1000M Signaling Server
Avaya Aura Conferencing Standard Edition	=7.0
Avaya Aura Conferencing Standard Edition	=7.2
Avaya Aura Conferencing Standard Edition	=8.0
Avaya Aura Conferencing Standard Edition	=8.0-sp2
Avaya Aura Conferencing Standard Edition	=8.0-sp4
Avaya Aura Conferencing Standard Edition	=8.0-sp5
Avaya Aura Conferencing Standard Edition	=8.0-sp7
Avaya Aura Conferencing Standard Edition	=8.0-sp8
Avaya Aura Conferencing Standard Edition	=8.0-sp9
Avaya Aura Experience Portal	>=6.0<=7.1
Avaya IP Office	=8.1
Avaya IP Office	=9.1
Avaya IP Office	=9.1-sp1
Avaya IP Office	=9.1-sp10
Avaya IP Office	=9.1-sp11
Avaya IP Office	=9.1-sp12
Avaya IP Office	=9.1-sp3
Avaya IP Office	=9.1-sp4
Avaya IP Office	=9.1-sp5
Avaya IP Office	=9.1-sp6
Avaya IP Office	=9.1-sp7
Avaya IP Office	=9.1-sp8
Avaya IP Office	=9.1-sp9
Avaya IP Office	=10.0
Avaya IP Office	=10.0-sp1
Avaya IP Office	=10.0-sp2
Avaya IP Office	=10.0-sp3
Avaya IP Office	=10.0-sp4
Avaya IP Office	=10.0-sp5
Avaya IP Office	=10.0-sp6
Avaya IP Office	=10.0-sp7
Avaya Aura Messaging	=6.3
Avaya Aura Messaging	=6.3.3
Avaya Aura Messaging	=6.3.3-sp4
Avaya Aura Messaging	=6.3.3-sp5
Avaya Aura Messaging	=6.3.3-sp6
Avaya Aura Session Manager	>=6.3<=6.3.18
Avaya Aura Session Manager	=7.0
Avaya Aura Session Manager	=7.0-sp1
Avaya Aura Session Manager	=7.0-sp2
Avaya Aura Session Manager	=7.0.1
Avaya Aura Session Manager	=7.0.1-sp1
Avaya Aura Session Manager	=7.0.1-sp2
Avaya Aura System Manager	>=6.3<=6.3.18
Avaya Aura System Manager	>=7.0<=7.0.1.3
Avaya Aura Utility Services	>=6.3<=6.3.14
Avaya Aura Utility Services	>=7.0<=7.0.1.2
Avaya Meeting Exchange	=6.2
Avaya Meeting Exchange	=6.2-sp3
Avaya Message Networking	>=5.2<=6.3
Avaya one-X Client Enablement Services	=6.2
Avaya one-X Client Enablement Services	=6.2-sp1
Avaya one-X Client Enablement Services	=6.2-sp2
Avaya one-X Client Enablement Services	=6.2-sp5
Avaya Proactive Contact	>=5.0<=5.1.2
Avaya Session Border Controller for Enterprise	>=6.2<=6.3
Avaya Session Border Controller for Enterprise	>=7.0<=7.1
Avaya Session Border Controller for Enterprise
Avaya Aura System Platform	>=6.3<=6.4.0
Avaya Aura System Platform

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-5285?
CVE-2016-5285 has been classified as a high severity vulnerability due to its potential for causing Denial of Service attacks.
How do I fix CVE-2016-5285?
To fix CVE-2016-5285, upgrade Mozilla Network Security Services to version 3.26 or later.
What is affected by CVE-2016-5285?
CVE-2016-5285 affects multiple platforms including specific versions of Mozilla NSS, Debian Linux, Red Hat Enterprise Linux, and Avaya products.
What happens if I don't address CVE-2016-5285?
Failure to address CVE-2016-5285 could lead to potential Denial of Service, disrupting services for users.
Who is primarily affected by CVE-2016-5285?
Organizations using affected versions of Mozilla NSS or its derivatives in critical applications are primarily impacted by CVE-2016-5285.

agent/type
agent/author
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/weakness
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/mozilla
canonical/mozilla network security services (nss)
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
version/debian debian linux/10.0
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/5.0
version/red hat enterprise linux/6.0
version/red hat enterprise linux/7.0
vendor/suse
canonical/suse linux enterprise server
version/suse linux enterprise server/11-sp2
vendor/avaya
canonical/avaya aura application enablement services
version/avaya aura application enablement services/6.1
version/avaya aura application enablement services/6.3.3
version/avaya aura application enablement services/7.0
canonical/avaya aura application server 5300
version/avaya aura application server 5300/3.0
version/avaya aura application server 5300/3.0-sp1
version/avaya aura application server 5300/3.0-sp10
version/avaya aura application server 5300/3.0-sp10.1
version/avaya aura application server 5300/3.0-sp11
version/avaya aura application server 5300/3.0-sp11.1
version/avaya aura application server 5300/3.0-sp12
version/avaya aura application server 5300/3.0-sp12.1
version/avaya aura application server 5300/3.0-sp12.2
version/avaya aura application server 5300/3.0-sp12.3
version/avaya aura application server 5300/3.0-sp12.5
version/avaya aura application server 5300/3.0-sp3
version/avaya aura application server 5300/3.0-sp5
version/avaya aura application server 5300/3.0-sp7
canonical/avaya aura communication manager
version/avaya aura communication manager/6.0
version/avaya aura communication manager/6.3.117.0
version/avaya aura communication manager/7.0
version/avaya aura communication manager/7.0-sp
version/avaya aura communication manager/7.0-sp3
canonical/avaya aura communication manager messaging
version/avaya aura communication manager messaging/7.0
version/avaya aura communication manager messaging/7.0-sp1
canonical/avaya breeze platform
version/avaya breeze platform/3.0
version/avaya breeze platform/3.2
canonical/avaya call management system
version/avaya call management system/18.0.0.1
version/avaya call management system/18.0.0.2
version/avaya call management system/17.0
version/avaya call management system/17.0-r3
version/avaya call management system/17.0-r4
version/avaya call management system/17.0-r5
version/avaya call management system/17.0-r6
canonical/avaya iq
version/avaya iq/5.2.x
canonical/avaya cs1000e/cs1000m signaling server firmware
version/avaya cs1000e/cs1000m signaling server firmware/7.0
version/avaya cs1000e/cs1000m signaling server firmware/7.6
canonical/avaya cs1000e firmware
canonical/avaya cs1000m firmware
version/avaya cs1000m firmware/7.0
version/avaya cs1000m firmware/7.6
canonical/avaya cs1000e/cs1000m signaling server
canonical/avaya aura conferencing standard edition
version/avaya aura conferencing standard edition/7.0
version/avaya aura conferencing standard edition/7.2
version/avaya aura conferencing standard edition/8.0
version/avaya aura conferencing standard edition/8.0-sp2
version/avaya aura conferencing standard edition/8.0-sp4
version/avaya aura conferencing standard edition/8.0-sp5
version/avaya aura conferencing standard edition/8.0-sp7
version/avaya aura conferencing standard edition/8.0-sp8
version/avaya aura conferencing standard edition/8.0-sp9
canonical/avaya aura experience portal
version/avaya aura experience portal/6.0
version/avaya aura experience portal/7.1
canonical/avaya ip office
version/avaya ip office/8.1
version/avaya ip office/9.1
version/avaya ip office/9.1-sp1
version/avaya ip office/9.1-sp10
version/avaya ip office/9.1-sp11
version/avaya ip office/9.1-sp12
version/avaya ip office/9.1-sp3
version/avaya ip office/9.1-sp4
version/avaya ip office/9.1-sp5
version/avaya ip office/9.1-sp6
version/avaya ip office/9.1-sp7
version/avaya ip office/9.1-sp8
version/avaya ip office/9.1-sp9
version/avaya ip office/10.0
version/avaya ip office/10.0-sp1
version/avaya ip office/10.0-sp2
version/avaya ip office/10.0-sp3
version/avaya ip office/10.0-sp4
version/avaya ip office/10.0-sp5
version/avaya ip office/10.0-sp6
version/avaya ip office/10.0-sp7
canonical/avaya aura messaging
version/avaya aura messaging/6.3
version/avaya aura messaging/6.3.3
version/avaya aura messaging/6.3.3-sp4
version/avaya aura messaging/6.3.3-sp5
version/avaya aura messaging/6.3.3-sp6
canonical/avaya aura session manager
version/avaya aura session manager/6.3
version/avaya aura session manager/6.3.18
version/avaya aura session manager/7.0
version/avaya aura session manager/7.0-sp1
version/avaya aura session manager/7.0-sp2
version/avaya aura session manager/7.0.1
version/avaya aura session manager/7.0.1-sp1
version/avaya aura session manager/7.0.1-sp2
canonical/avaya aura system manager
version/avaya aura system manager/6.3
version/avaya aura system manager/6.3.18
version/avaya aura system manager/7.0
version/avaya aura system manager/7.0.1.3
canonical/avaya aura utility services
version/avaya aura utility services/6.3
version/avaya aura utility services/6.3.14
version/avaya aura utility services/7.0
version/avaya aura utility services/7.0.1.2
canonical/avaya meeting exchange
version/avaya meeting exchange/6.2
version/avaya meeting exchange/6.2-sp3
canonical/avaya message networking
version/avaya message networking/5.2
version/avaya message networking/6.3
canonical/avaya one-x client enablement services
version/avaya one-x client enablement services/6.2
version/avaya one-x client enablement services/6.2-sp1
version/avaya one-x client enablement services/6.2-sp2
version/avaya one-x client enablement services/6.2-sp5
canonical/avaya proactive contact
version/avaya proactive contact/5.0
version/avaya proactive contact/5.1.2
canonical/avaya session border controller for enterprise
version/avaya session border controller for enterprise/6.2
version/avaya session border controller for enterprise/6.3
version/avaya session border controller for enterprise/7.0
version/avaya session border controller for enterprise/7.1
canonical/avaya aura system platform
version/avaya aura system platform/6.3
version/avaya aura system platform/6.4.0

CVE-2016-5285: Null Pointer Dereference

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-5285?

How do I fix CVE-2016-5285?

What is affected by CVE-2016-5285?

What happens if I don't address CVE-2016-5285?

Who is primarily affected by CVE-2016-5285?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-5285?

How do I fix CVE-2016-5285?

What is affected by CVE-2016-5285?

What happens if I don't address CVE-2016-5285?

Who is primarily affected by CVE-2016-5285?