CVE-2016-1951
Debian Security Advisory 3687-1
Public Exploits: 0
Exploited in Wild: -
Descriptions
Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.
It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
Timeline
- 2016-01-20 CVE Reserved
- 2016-07-11 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/92385 | Vdb Entry | |
http://www.securitytracker.com/id/1036590 | Vdb Entry | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1174015 | Issue Tracking | |
https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ | Mailing List | |
https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2 | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
http://www.ubuntu.com/usn/USN-3023-1 | 2016-11-28 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mozilla | Netscape Portable Runtime | <= 4.11 | - | Affected |