1. Home
  2. CVE Database
  3. CVE-2016-8635
MEDIUM · 5.3

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining th...

Vulnerability Description

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
MozillaNetwork Security Services>= 3.21, <= 3.21.4
RedhatEnterprise Linux Desktop5.0
RedhatEnterprise Linux Server5.0
RedhatEnterprise Linux Server Aus7.3
RedhatEnterprise Linux Server Eus7.3
RedhatEnterprise Linux Server Tus7.3
RedhatEnterprise Linux Workstation5.0

Related Weaknesses (CWE)

CWE-320CWE-358

References

FAQ

What is CVE-2016-8635?

CVE-2016-8635 is a vulnerability with a CVSS score of 5.3 (MEDIUM). It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining th...

How severe is CVE-2016-8635?

CVE-2016-8635 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8635?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Network Security Services, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.