CVE-2016-1938 — MEDIUM (6.5)

Q: How severe is CVE-2016-1938?

CVE-2016-1938 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-1938?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Mozilla Nss, Mozilla Firefox.

Vulnerability Description

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Opensuse	Leap	42.1
Opensuse	Opensuse	13.1
Mozilla	Nss	<= 3.20.1
Mozilla	Firefox	<= 43.0.4

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2016-1938?

CVE-2016-1938 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for...

How severe is CVE-2016-1938?

CVE-2016-1938 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1938?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Mozilla Nss, Mozilla Firefox.