CVE-2016-1938

EUVD-2016-3027
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
opensuseleap
42.1
opensuseopensuse
13.1
opensuseopensuse
13.2
mozillanss
𝑥
≤ 3.20.1
mozillafirefox
𝑥
≤ 43.0.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bookworm
2:3.87.1-1
fixed
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
jessie
not-affected
sid
2:3.105-2
fixed
squeeze
not-affected
trixie
2:3.105-2
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
precise
Fixed 44.0+build3-0ubuntu0.12.04.1
released
trusty
Fixed 44.0+build3-0ubuntu0.14.04.1
released
vivid
Fixed 44.0+build3-0ubuntu0.15.04.1
released
wily
Fixed 44.0+build3-0ubuntu0.15.10.1
released
xenial
Fixed 44.0+build3-0ubuntu1
released
yakkety
Fixed 44.0+build3-0ubuntu1
released
zesty
Fixed 44.0+build3-0ubuntu1
released
nss
precise
Fixed 2:3.21-0ubuntu0.12.04.1
released
trusty
Fixed 2:3.21-0ubuntu0.14.04.1
released
vivid
ignored
wily
Fixed 2:3.21-0ubuntu0.15.10.1
released
xenial
not-affected
yakkety
not-affected
zesty
not-affected
thunderbird
precise
Fixed 1:38.8.0+build1-0ubuntu0.12.04.1
released
trusty
Fixed 1:38.8.0+build1-0ubuntu0.14.04.1
released
vivid
ignored
wily
Fixed 1:38.8.0+build1-0ubuntu0.15.10.1
released
xenial
Fixed 1:38.8.0+build1-0ubuntu0.16.04.1
released
yakkety
Fixed 1:38.8.0+build1-0ubuntu1
released
zesty
Fixed 1:38.8.0+build1-0ubuntu1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
http://www.debian.org/security/2016/dsa-3688
http://www.mozilla.org/security/announce/2016/mfsa2016-07.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/81955
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
http://www.ubuntu.com/usn/USN-2903-1
http://www.ubuntu.com/usn/USN-2903-2
http://www.ubuntu.com/usn/USN-2973-1
https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c
https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c
https://security.gentoo.org/glsa/201605-06
https://security.gentoo.org/glsa/201701-46
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
http://www.debian.org/security/2016/dsa-3688
http://www.mozilla.org/security/announce/2016/mfsa2016-07.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/81955
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
http://www.ubuntu.com/usn/USN-2903-1
http://www.ubuntu.com/usn/USN-2903-2
http://www.ubuntu.com/usn/USN-2973-1
https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c
https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c
https://security.gentoo.org/glsa/201605-06
https://security.gentoo.org/glsa/201701-46