CVE-2016-8635

It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| redhat | CNA | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

EPSS Score percentile: 61%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| mozilla | network_security_services | 3.21 ≤ 𝑥 ≤ 3.21.4 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |

𝑥 = Vulnerable software versions

Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| mozilla | nss | 3.21.0 ≤ 𝑥 < 3.22.0 | CNA |

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| nss | bookworm | 2:3.87.1-1 | fixed |
| nss | bullseye | 2:3.61-1+deb11u3 | fixed |
| nss | bullseye (security) | 2:3.61-1+deb11u4 | fixed |
| nss | sid | 2:3.105-2 | fixed |
| nss | trixie | 2:3.105-2 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| nss | precise | Fixed 2:3.26.2-0ubuntu0.12.04.1 | released |
| nss | trusty | Fixed 2:3.26.2-0ubuntu0.14.04.3 | released |
| nss | xenial | Fixed 2:3.26.2-0ubuntu0.16.04.2 | released |
| nss | yakkety | | not-affected |
| nss | zesty | | not-affected |
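
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| java-1_8_0-openjdk | suse enterprise sap 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk | suse enterprise sap 12 SP2 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk | suse enterprise server 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk | suse enterprise server 12 SP2 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-demo | suse enterprise sap 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-demo | suse enterprise sap 12 SP2 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-demo | suse enterprise server 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-demo | suse enterprise server 12 SP2 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-devel | suse enterprise sap 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-devel | suse enterprise sap 12 SP2 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-devel | suse enterprise server 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-devel | suse enterprise server 12 SP2 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-headless | suse enterprise sap 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-headless | suse enterprise sap 12 SP2 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-headless | suse enterprise server 12 SP1 | 1.8.0.121-23.4 | fixed |
| java-1_8_0-openjdk-headless | suse enterprise server 12 SP2 | 1.8.0.121-23.4 | fixed |
| libfreebl3 | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3 | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3 | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libfreebl3 | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libfreebl3 | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3 | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3 | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| libfreebl3-32bit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3-32bit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3-32bit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libfreebl3-32bit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libfreebl3-32bit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3-32bit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3-32bit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| libfreebl3-hmac | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libfreebl3-hmac | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| libfreebl3-hmac-32bit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac-32bit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac-32bit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libfreebl3-hmac-32bit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac-32bit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac-32bit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libfreebl3-hmac-32bit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3 | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3 | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3 | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3 | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libsoftokn3 | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3 | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3 | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3-32bit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3-32bit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3-32bit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3-32bit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libsoftokn3-32bit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3-32bit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3-32bit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3-hmac | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3-hmac | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3-hmac-32bit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac-32bit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac-32bit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| libsoftokn3-hmac-32bit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac-32bit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac-32bit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| libsoftokn3-hmac-32bit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nspr | suse enterprise sap 12 SP1 | 4.13.1-18.1 | fixed |
| mozilla-nspr | suse enterprise sap 12 SP2 | 4.13.1-18.1 | fixed |
| mozilla-nspr | suse enterprise server 12 | 4.13.1-18.1 | fixed |
| mozilla-nspr | suse enterprise server 12 SP1 | 4.13.1-18.1 | fixed |
| mozilla-nspr | suse enterprise server 12 SP2 | 4.13.1-18.1 | fixed |
| mozilla-nspr-32bit | suse enterprise sap 12 SP1 | 4.13.1-18.1 | fixed |
| mozilla-nspr-32bit | suse enterprise sap 12 SP2 | 4.13.1-18.1 | fixed |
| mozilla-nspr-32bit | suse enterprise server 12 | 4.13.1-18.1 | fixed |
| mozilla-nspr-32bit | suse enterprise server 12 SP1 | 4.13.1-18.1 | fixed |
| mozilla-nspr-32bit | suse enterprise server 12 SP2 | 4.13.1-18.1 | fixed |
| mozilla-nspr-devel | suse enterprise server 12 | 4.13.1-18.1 | fixed |
| mozilla-nss | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-32bit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-32bit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-32bit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-32bit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss-32bit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-32bit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-32bit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-certs | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-certs | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-certs-32bit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs-32bit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs-32bit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-certs-32bit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs-32bit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs-32bit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-certs-32bit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-devel | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-sysinit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-sysinit-32bit | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit-32bit | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit-32bit | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-sysinit-32bit | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit-32bit | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit-32bit | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-sysinit-32bit | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-tools | suse enterprise sap 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-tools | suse enterprise sap 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-tools | suse enterprise sap 12 SP5 | 3.45-58.31.1 | fixed |
| mozilla-nss-tools | suse enterprise server 12 | 3.29.5-57.1 | fixed |
| mozilla-nss-tools | suse enterprise server 12 SP1 | 3.29.5-57.1 | fixed |
| mozilla-nss-tools | suse enterprise server 12 SP2 | 3.29.5-57.1 | fixed |
| mozilla-nss-tools | suse enterprise server 12 SP5 | 3.45-58.31.1 | fixed |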

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| nss | RHEL 6 | 0:3.21.3-2.el6_8 | fixed |
| nss | RHEL 7 | 0:3.21.3-2.el7_3 | fixed |
| nss-devel | RHEL 6 | 0:3.21.3-2.el6_8 | fixed |
| nss-devel | RHEL 7 | 0:3.21.3-2.el7_3 | fixed |
| nss-pkcs11-devel | RHEL 6 | 0:3.21.3-2.el6_8 | fixed |
| nss-pkcs11-devel | RHEL 7 | 0:3.21.3-2.el7_3 | fixed |
| nss-sysinit | RHEL 6 | 0:3.21.3-2.el6_8 | fixed |
| nss-sysinit | RHEL 7 | 0:3.21.3-2.el7_3 | fixed |
| nss-tools | RHEL 6 | 0:3.21.3-2.el6_8 | fixed |
| nss-tools | RHEL 7 | 0:3.21.3-2.el7_3 | fixed |
| nss-util | RHEL 6 | 0:3.21.3-1.el6_8 | fixed |
| nss-util | RHEL 7 | 0:3.21.3-1.1.el7_3 | fixed |
| nss-util-devel | RHEL 6 | 0:3.21.3-1.el6_8 | fixed |
| nss-util-devel | RHEL 7 | 0:3.21.3-1.1.el7_3 | fixed |