A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application.
Find out more about CVE-2016-1979 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 5.1 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (nss) | RHSA-2016:0684 | 2016-04-25 |
| Red Hat Enterprise Linux 7 (nss) | RHSA-2016:0685 | 2016-04-25 |
| Red Hat Enterprise Linux 6 (nss) | RHSA-2016:0591 | 2016-04-05 |
Vulmon