CVE-2016-5285: Null Pointer Dereference
First published: Fri Nov 15 2019(Updated: )
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla NSS | <3.26 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| Avaya Aura Application Enablement Services | >=6.1<=6.3.3 | |
| Avaya Aura Application Enablement Services | =7.0 | |
| Avaya Aura Application Server 5300 | =3.0 | |
| Avaya Aura Application Server 5300 | =3.0-sp1 | |
| Avaya Aura Application Server 5300 | =3.0-sp10 | |
| Avaya Aura Application Server 5300 | =3.0-sp10.1 | |
| Avaya Aura Application Server 5300 | =3.0-sp11 | |
| Avaya Aura Application Server 5300 | =3.0-sp11.1 | |
| Avaya Aura Application Server 5300 | =3.0-sp12 | |
| Avaya Aura Application Server 5300 | =3.0-sp12.1 | |
| Avaya Aura Application Server 5300 | =3.0-sp12.2 | |
| Avaya Aura Application Server 5300 | =3.0-sp12.3 | |
| Avaya Aura Application Server 5300 | =3.0-sp12.5 | |
| Avaya Aura Application Server 5300 | =3.0-sp3 | |
| Avaya Aura Application Server 5300 | =3.0-sp5 | |
| Avaya Aura Application Server 5300 | =3.0-sp7 | |
| Avaya Aura Communication Manager | >=6.0<=6.3.117.0 | |
| Avaya Aura Communication Manager | =7.0 | |
| Avaya Aura Communication Manager | =7.0-sp | |
| Avaya Aura Communication Manager | =7.0-sp3 | |
| Avaya Aura Communication Manager Messagint | =7.0 | |
| Avaya Aura Communication Manager Messagint | =7.0-sp1 | |
| Avaya Breeze Platform | >=3.0<=3.2 | |
| Avaya Call Management System | >=18.0.0.1<=18.0.0.2 | |
| Avaya Call Management System | =17.0 | |
| Avaya Call Management System | =17.0-r3 | |
| Avaya Call Management System | =17.0-r4 | |
| Avaya Call Management System | =17.0-r5 | |
| Avaya Call Management System | =17.0-r6 | |
| Avaya Iq | =5.2.x | |
| Avaya Cs1000e Firmware | >=7.0<=7.6 | |
| Avaya Cs1000e | ||
| Avaya Cs1000m Firmware | >=7.0<=7.6 | |
| Avaya Cs1000m | ||
| Avaya Cs1000e\/cs1000m Signaling Server Firmware | >=7.0<=7.6 | |
| Avaya Cs1000e\/cs1000m Signaling Server | ||
| Avaya Aura Conferencing | =7.0 | |
| Avaya Aura Conferencing | =7.2 | |
| Avaya Aura Conferencing | =8.0 | |
| Avaya Aura Conferencing | =8.0-sp2 | |
| Avaya Aura Conferencing | =8.0-sp4 | |
| Avaya Aura Conferencing | =8.0-sp5 | |
| Avaya Aura Conferencing | =8.0-sp7 | |
| Avaya Aura Conferencing | =8.0-sp8 | |
| Avaya Aura Conferencing | =8.0-sp9 | |
| Avaya Aura Experience Portal | >=6.0<=7.1 | |
| Avaya IP Office | =8.1 | |
| Avaya IP Office | =9.1 | |
| Avaya IP Office | =9.1-sp1 | |
| Avaya IP Office | =9.1-sp10 | |
| Avaya IP Office | =9.1-sp11 | |
| Avaya IP Office | =9.1-sp12 | |
| Avaya IP Office | =9.1-sp3 | |
| Avaya IP Office | =9.1-sp4 | |
| Avaya IP Office | =9.1-sp5 | |
| Avaya IP Office | =9.1-sp6 | |
| Avaya IP Office | =9.1-sp7 | |
| Avaya IP Office | =9.1-sp8 | |
| Avaya IP Office | =9.1-sp9 | |
| Avaya IP Office | =10.0 | |
| Avaya IP Office | =10.0-sp1 | |
| Avaya IP Office | =10.0-sp2 | |
| Avaya IP Office | =10.0-sp3 | |
| Avaya IP Office | =10.0-sp4 | |
| Avaya IP Office | =10.0-sp5 | |
| Avaya IP Office | =10.0-sp6 | |
| Avaya IP Office | =10.0-sp7 | |
| Avaya Aura Messaging | =6.3 | |
| Avaya Aura Messaging | =6.3.3 | |
| Avaya Aura Messaging | =6.3.3-sp4 | |
| Avaya Aura Messaging | =6.3.3-sp5 | |
| Avaya Aura Messaging | =6.3.3-sp6 | |
| Avaya Aura Session Manager | >=6.3<=6.3.18 | |
| Avaya Aura Session Manager | =7.0 | |
| Avaya Aura Session Manager | =7.0-sp1 | |
| Avaya Aura Session Manager | =7.0-sp2 | |
| Avaya Aura Session Manager | =7.0.1 | |
| Avaya Aura Session Manager | =7.0.1-sp1 | |
| Avaya Aura Session Manager | =7.0.1-sp2 | |
| Avaya Aura System Manager | >=6.3<=6.3.18 | |
| Avaya Aura System Manager | >=7.0<=7.0.1.3 | |
| Avaya Aura Utility Services | >=6.3<=6.3.14 | |
| Avaya Aura Utility Services | >=7.0<=7.0.1.2 | |
| Avaya Meeting Exchange | =6.2 | |
| Avaya Meeting Exchange | =6.2-sp3 | |
| Avaya Message Networking | >=5.2<=6.3 | |
| Avaya One-x Client Enablement Services | =6.2 | |
| Avaya One-x Client Enablement Services | =6.2-sp1 | |
| Avaya One-x Client Enablement Services | =6.2-sp2 | |
| Avaya One-x Client Enablement Services | =6.2-sp5 | |
| Avaya Proactive Contact | >=5.0<=5.1.2 | |
| Avaya Session Border Controller For Enterprise Firmware | >=6.2<=6.3 | |
| Avaya Session Border Controller For Enterprise Firmware | >=7.0<=7.1 | |
| Avaya Session Border Controller for Enterprise | ||
| Avaya Aura System Platform Firmware | >=6.3<=6.4.0 | |
| Avaya Aura System Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
- http://rhn.redhat.com/errata/RHSA-2016-2779.html
- http://www.securityfocus.com/bid/94349
- http://www.ubuntu.com/usn/USN-3163-1
- https://bto.bluecoat.com/security-advisory/sa137
- https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
- https://security.gentoo.org/glsa/201701-46
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla nss
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp2
- vendor/avaya
- canonical/avaya aura application enablement services
- version/avaya aura application enablement services/6.1
- version/avaya aura application enablement services/6.3.3
- version/avaya aura application enablement services/7.0
- canonical/avaya aura application server 5300
- version/avaya aura application server 5300/3.0
- version/avaya aura application server 5300/3.0-sp1
- version/avaya aura application server 5300/3.0-sp10
- version/avaya aura application server 5300/3.0-sp10.1
- version/avaya aura application server 5300/3.0-sp11
- version/avaya aura application server 5300/3.0-sp11.1
- version/avaya aura application server 5300/3.0-sp12
- version/avaya aura application server 5300/3.0-sp12.1
- version/avaya aura application server 5300/3.0-sp12.2
- version/avaya aura application server 5300/3.0-sp12.3
- version/avaya aura application server 5300/3.0-sp12.5
- version/avaya aura application server 5300/3.0-sp3
- version/avaya aura application server 5300/3.0-sp5
- version/avaya aura application server 5300/3.0-sp7
- canonical/avaya aura communication manager
- version/avaya aura communication manager/6.0
- version/avaya aura communication manager/6.3.117.0
- version/avaya aura communication manager/7.0
- version/avaya aura communication manager/7.0-sp
- version/avaya aura communication manager/7.0-sp3
- canonical/avaya aura communication manager messagint
- version/avaya aura communication manager messagint/7.0
- version/avaya aura communication manager messagint/7.0-sp1
- canonical/avaya breeze platform
- version/avaya breeze platform/3.0
- version/avaya breeze platform/3.2
- canonical/avaya call management system
- version/avaya call management system/18.0.0.1
- version/avaya call management system/18.0.0.2
- version/avaya call management system/17.0
- version/avaya call management system/17.0-r3
- version/avaya call management system/17.0-r4
- version/avaya call management system/17.0-r5
- version/avaya call management system/17.0-r6
- canonical/avaya iq
- version/avaya iq/5.2.x
- canonical/avaya cs1000e firmware
- version/avaya cs1000e firmware/7.0
- version/avaya cs1000e firmware/7.6
- canonical/avaya cs1000e
- canonical/avaya cs1000m firmware
- version/avaya cs1000m firmware/7.0
- version/avaya cs1000m firmware/7.6
- canonical/avaya cs1000m
- canonical/avaya cs1000e\/cs1000m signaling server firmware
- version/avaya cs1000e\/cs1000m signaling server firmware/7.0
- version/avaya cs1000e\/cs1000m signaling server firmware/7.6
- canonical/avaya cs1000e\/cs1000m signaling server
- canonical/avaya aura conferencing
- version/avaya aura conferencing/7.0
- version/avaya aura conferencing/7.2
- version/avaya aura conferencing/8.0
- version/avaya aura conferencing/8.0-sp2
- version/avaya aura conferencing/8.0-sp4
- version/avaya aura conferencing/8.0-sp5
- version/avaya aura conferencing/8.0-sp7
- version/avaya aura conferencing/8.0-sp8
- version/avaya aura conferencing/8.0-sp9
- canonical/avaya aura experience portal
- version/avaya aura experience portal/6.0
- version/avaya aura experience portal/7.1
- canonical/avaya ip office
- version/avaya ip office/8.1
- version/avaya ip office/9.1
- version/avaya ip office/9.1-sp1
- version/avaya ip office/9.1-sp10
- version/avaya ip office/9.1-sp11
- version/avaya ip office/9.1-sp12
- version/avaya ip office/9.1-sp3
- version/avaya ip office/9.1-sp4
- version/avaya ip office/9.1-sp5
- version/avaya ip office/9.1-sp6
- version/avaya ip office/9.1-sp7
- version/avaya ip office/9.1-sp8
- version/avaya ip office/9.1-sp9
- version/avaya ip office/10.0
- version/avaya ip office/10.0-sp1
- version/avaya ip office/10.0-sp2
- version/avaya ip office/10.0-sp3
- version/avaya ip office/10.0-sp4
- version/avaya ip office/10.0-sp5
- version/avaya ip office/10.0-sp6
- version/avaya ip office/10.0-sp7
- canonical/avaya aura messaging
- version/avaya aura messaging/6.3
- version/avaya aura messaging/6.3.3
- version/avaya aura messaging/6.3.3-sp4
- version/avaya aura messaging/6.3.3-sp5
- version/avaya aura messaging/6.3.3-sp6
- canonical/avaya aura session manager
- version/avaya aura session manager/6.3
- version/avaya aura session manager/6.3.18
- version/avaya aura session manager/7.0
- version/avaya aura session manager/7.0-sp1
- version/avaya aura session manager/7.0-sp2
- version/avaya aura session manager/7.0.1
- version/avaya aura session manager/7.0.1-sp1
- version/avaya aura session manager/7.0.1-sp2
- canonical/avaya aura system manager
- version/avaya aura system manager/6.3
- version/avaya aura system manager/6.3.18
- version/avaya aura system manager/7.0
- version/avaya aura system manager/7.0.1.3
- canonical/avaya aura utility services
- version/avaya aura utility services/6.3
- version/avaya aura utility services/6.3.14
- version/avaya aura utility services/7.0
- version/avaya aura utility services/7.0.1.2
- canonical/avaya meeting exchange
- version/avaya meeting exchange/6.2
- version/avaya meeting exchange/6.2-sp3
- canonical/avaya message networking
- version/avaya message networking/5.2
- version/avaya message networking/6.3
- canonical/avaya one-x client enablement services
- version/avaya one-x client enablement services/6.2
- version/avaya one-x client enablement services/6.2-sp1
- version/avaya one-x client enablement services/6.2-sp2
- version/avaya one-x client enablement services/6.2-sp5
- canonical/avaya proactive contact
- version/avaya proactive contact/5.0
- version/avaya proactive contact/5.1.2
- canonical/avaya session border controller for enterprise firmware
- version/avaya session border controller for enterprise firmware/6.2
- version/avaya session border controller for enterprise firmware/6.3
- version/avaya session border controller for enterprise firmware/7.0
- version/avaya session border controller for enterprise firmware/7.1
- canonical/avaya session border controller for enterprise
- canonical/avaya aura system platform firmware
- version/avaya aura system platform firmware/6.3
- version/avaya aura system platform firmware/6.4.0
- canonical/avaya aura system platform