CVE-2016-8635

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-8635

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8635.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-8635

Related

Published

2018-08-01T13:29:00Z

Modified

2024-09-11T02:00:05Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

References

Affected packages

Debian:11 / nss

Package

Name: nss
Purl: pkg:deb/debian/nss?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nss

Package

Name: nss
Purl: pkg:deb/debian/nss?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nss

Package

Name: nss
Purl: pkg:deb/debian/nss?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}