vulnerability
Huawei EulerOS: CVE-2016-1978: nss, nspr, nss-softokn, and nss-util security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 13, 2016 | Nov 30, 2017 | May 13, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 13, 2016
Added
Nov 30, 2017
Modified
May 13, 2025
Description
A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.
Solutions
huawei-euleros-2_0_sp1-upgrade-nsprhuawei-euleros-2_0_sp1-upgrade-nspr-develhuawei-euleros-2_0_sp1-upgrade-nsshuawei-euleros-2_0_sp1-upgrade-nss-develhuawei-euleros-2_0_sp1-upgrade-nss-softoknhuawei-euleros-2_0_sp1-upgrade-nss-softokn-develhuawei-euleros-2_0_sp1-upgrade-nss-softokn-freeblhuawei-euleros-2_0_sp1-upgrade-nss-softokn-freebl-develhuawei-euleros-2_0_sp1-upgrade-nss-sysinithuawei-euleros-2_0_sp1-upgrade-nss-toolshuawei-euleros-2_0_sp1-upgrade-nss-utilhuawei-euleros-2_0_sp1-upgrade-nss-util-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.