Bug 1383883 (CVE-2016-5285) - CVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
Summary: CVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRe...
Alias: CVE-2016-5285
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
: 1374803 1380235 (view as bug list)
Depends On: 1383884 1383885 1383886 1383887 1383888 1395535 1429932 1429933
Blocks: 1377248 1374803 1380228
TreeView+ depends on / blocked
Reported: 2016-10-12 03:55 UTC by Huzaifa S. Sidhpurwala
Modified: 2020-02-14 18:00 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS.
Clone Of:
Last Closed: 2016-11-16 06:16:37 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Mozilla Foundation 1306103 None None None 2016-10-31 16:53:55 UTC
Red Hat Product Errata RHSA-2016:2779 normal SHIPPED_LIVE Moderate: nss and nss-util security update 2016-11-22 13:49:09 UTC

Description Huzaifa S. Sidhpurwala 2016-10-12 03:55:44 UTC
A flaw was found in the way a NSS server could be crashed remotely by a client sending an invalid DH key.

Comment 2 Huzaifa S. Sidhpurwala 2016-11-14 03:39:09 UTC
Upstream commit:


Comment 3 Huzaifa S. Sidhpurwala 2016-11-14 07:26:34 UTC
*** Bug 1380235 has been marked as a duplicate of this bug. ***

Comment 5 errata-xmlrpc 2016-11-16 05:59:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5

Via RHSA-2016:2779 https://rhn.redhat.com/errata/RHSA-2016-2779.html

Comment 6 Huzaifa S. Sidhpurwala 2016-11-16 06:16:00 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1395535]

Comment 7 Hubert Kario 2016-11-30 15:56:22 UTC
*** Bug 1374803 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.