CVE-2016-1938

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 6.4 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947	Issue Tracking
http://www.mozilla.org/security/announce/2016/mfsa2016-07.html	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248	Issue Tracking
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c
https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes	Vendor Advisory
https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Third Party Advisory
http://www.securityfocus.com/bid/91787	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/81955
https://security.gentoo.org/glsa/201605-06
http://www.ubuntu.com/usn/USN-2973-1
http://www.ubuntu.com/usn/USN-2903-1
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2903-2
http://www.ubuntu.com/usn/USN-2880-2
https://security.gentoo.org/glsa/201701-46
http://www.securitytracker.com/id/1034825
http://www.debian.org/security/2016/dsa-3688

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Information

Published : 2016-01-31 10:59

Updated : 2018-10-30 09:27

NVD link : CVE-2016-1938

Mitre link : CVE-2016-1938

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

mozilla

firefox
nss

opensuse

opensuse
leap

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", "name": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", "tags": [], "refsource": "MISC"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", "name": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", "tags": [], "refsource": "MISC"}, {"url": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", "name": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", "tags": [], "refsource": "MISC"}, {"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", "name": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", "name": "openSUSE-SU-2016:0306", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", "name": "openSUSE-SU-2016:0309", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/91787", "name": "91787", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/81955", "name": "81955", "tags": [], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201605-06", "name": "GLSA-201605-06", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.ubuntu.com/usn/USN-2973-1", "name": "USN-2973-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-2903-1", "name": "USN-2903-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", "name": "SUSE-SU-2016:0338", "tags": [], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-2880-1", "name": "USN-2880-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-2903-2", "name": "USN-2903-2", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-2880-2", "name": "USN-2880-2", "tags": [], "refsource": "UBUNTU"}, {"url": "https://security.gentoo.org/glsa/201701-46", "name": "GLSA-201701-46", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.securitytracker.com/id/1034825", "name": "1034825", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.debian.org/security/2016/dsa-3688", "name": "DSA-3688", "tags": [], "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-1938", "ASSIGNER": "security@mozilla.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": true, "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}}, "publishedDate": "2016-01-31T18:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.20.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "43.0.4"}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2016-1938

6.5^/10

6.4^/10

Attach tags to `CVE-2016-1938`