Short News: Critical vulnerability in Network Security Services (nss-util) – CVE-2016-1950

It has been discovered that nss-util (Network Security Services) is affected by a critical vulnerability. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A heap-based buffer overflow flaw was found in the way NSS parsed certain
ASN.1 structures. An attacker could use this flaw to create a specially
crafted certificate which, when parsed by NSS, could cause it to crash, or
execute arbitrary code, using the permissions of the user running an
application compiled against the NSS library. – RedHat Advisory

Please see the further information section for information on package updates.

CVE-2016-1950 CVSS v2

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Further Information