CVE-2016-8635
First published: Wed Aug 01 2018(Updated: )
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla NSS ESR | >=3.21<=3.21.4 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8635?
CVE-2016-8635 is classified as a high severity vulnerability due to its potential to allow key recovery through a small subgroup confinement attack.
How do I fix CVE-2016-8635?
To fix CVE-2016-8635, update Mozilla Network Security Services (NSS) to version 3.21.5 or later.
Which software versions are affected by CVE-2016-8635?
CVE-2016-8635 affects specific versions of Mozilla NSS 3.21.x and several versions of Red Hat Enterprise Linux Desktop and Server.
What kind of attack can exploit CVE-2016-8635?
CVE-2016-8635 can be exploited using a small subgroup confinement attack to recover private keys.
Is CVE-2016-8635 related to Diffie-Hellman key exchanges?
Yes, CVE-2016-8635 involves a vulnerability in the handling of Diffie-Hellman client key exchanges.
- agent/references
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla nss esr
- version/mozilla nss esr/3.21
- version/mozilla nss esr/3.21.4
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0