CVE-2016-1979 (retired)

Priority
Description
Use-after-free vulnerability in the
PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network
Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before
45.0, allows remote attackers to cause a denial of service or possibly have
unspecified other impact via crafted key data with DER encoding.
Notes
 mdeslaur> fix was actually in 3.21, not in 3.21.1 as mentioned
Assigned-to
chrisccoulson
Package
Upstream:released (44)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [44.0.2+build1-0ubuntu0.12.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (45.0+build2-0ubuntu1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.21)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2:3.21-0ubuntu0.12.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:3.21-1ubuntu3)
Patches:
Upstream:http://hg.mozilla.org/projects/nss/rev/7033b1193c94
Package
Priority: Low
Upstream:released (38.8.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1:38.8.0+build1-0ubuntu0.12.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1:38.8.0+build1-0ubuntu0.16.04.1)
More Information

Updated: 2019-08-23 09:09:38 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)