CVE-2016-1950

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-1950

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1950.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-1950

Downstream

DEBIAN-CVE-2016-1950

DLA-480-1

DSA-3510-1

DSA-3520-1

DSA-3688-1

RHSA-2016:0370

RHSA-2016:0371

RHSA-2016:0495

SUSE-SU-2016:0727-1

SUSE-SU-2016:0777-1

SUSE-SU-2016:0909-1

SUSE-SU-2017:1175-1

SUSE-SU-2017:1248-1

UBUNTU-CVE-2016-1950

USN-2917-1

USN-2924-1

USN-2934-1

openSUSE-SU-2024:10071-1

openSUSE-SU-2024:10230-1

openSUSE-SU-2024:10451-1

openSUSE-SU-2024:14572-1

Related

Published

2016-03-13T18:59:00Z

Modified

2025-08-09T20:01:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

References

Affected packages