CVE-2016-8635

It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.

Published: 2018-08-01 13:29
Updated: 2019-10-09 23:20

CVSS Score: 4.3 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Mozilla | Network Security Services | 3.21 | cpe:/a:mozilla:network_security_services:3.21 |
| Mozilla | Network Security Services | 3.21.1 | cpe:/a:mozilla:network_security_services:3.21.1 |
| Mozilla | Network Security Services | 3.21.2 | cpe:/a:mozilla:network_security_services:3.21.2 |
| Mozilla | Network Security Services | 3.21.3 | cpe:/a:mozilla:network_security_services:3.21.3 |
| Mozilla | Network Security Services | 3.21.4 | cpe:/a:mozilla:network_security_services:3.21.4 |
| Redhat | Enterprise Linux Desktop | 5.0 | cpe:/o:redhat:enterprise_linux_desktop:5.0 |
| Redhat | Enterprise Linux Desktop | 6.0 | cpe:/o:redhat:enterprise_linux_desktop:6.0 |
| Redhat | Enterprise Linux Desktop | 7.0 | cpe:/o:redhat:enterprise_linux_desktop:7.0 |
| Redhat | Enterprise Linux Server | 5.0 | cpe:/o:redhat:enterprise_linux_server:5.0 |
| Redhat | Enterprise Linux Server | 6.0 | cpe:/o:redhat:enterprise_linux_server:6.0 |
| Redhat | Enterprise Linux Server | 7.0 | cpe:/o:redhat:enterprise_linux_server:7.0 |
| Redhat | Enterprise Linux Server Aus | 7.3 | cpe:/o:redhat:enterprise_linux_server_aus:7.3 |
| Redhat | Enterprise Linux Server Aus | 7.4 | cpe:/o:redhat:enterprise_linux_server_aus:7.4 |
| Redhat | Enterprise Linux Server Aus | 7.6 | cpe:/o:redhat:enterprise_linux_server_aus:7.6 |
| Redhat | Enterprise Linux Server Eus | 7.3 | cpe:/o:redhat:enterprise_linux_server_eus:7.3 |
| Redhat | Enterprise Linux Server Eus | 7.4 | cpe:/o:redhat:enterprise_linux_server_eus:7.4 |
| Redhat | Enterprise Linux Server Eus | 7.5 | cpe:/o:redhat:enterprise_linux_server_eus:7.5 |
| Redhat | Enterprise Linux Server Eus | 7.6 | cpe:/o:redhat:enterprise_linux_server_eus:7.6 |
| Redhat | Enterprise Linux Server Tus | 7.3 | cpe:/o:redhat:enterprise_linux_server_tus:7.3 |
| Redhat | Enterprise Linux Server Tus | 7.6 | cpe:/o:redhat:enterprise_linux_server_tus:7.6 |
| Redhat | Enterprise Linux Workstation | 5.0 | cpe:/o:redhat:enterprise_linux_workstation:5.0 |
| Redhat | Enterprise Linux Workstation | 6.0 | cpe:/o:redhat:enterprise_linux_workstation:6.0 |
| Redhat | Enterprise Linux Workstation | 7.0 | cpe:/o:redhat:enterprise_linux_workstation:7.0 |
  1. Redhat (6)
    1. Enterprise Linux Server Eus (4)
      1. 7.3
      2. 7.4
      3. 7.5
      4. 7.6
    2. Enterprise Linux Desktop (3)
      1. 5.0
      2. 6.0
      3. 7.0
    3. Enterprise Linux Workstation (3)
      1. 5.0
      2. 6.0
      3. 7.0
    4. Enterprise Linux Server (3)
      1. 5.0
      2. 6.0
      3. 7.0
    5. Enterprise Linux Server Aus (3)
      1. 7.3
      2. 7.4
      3. 7.6
    6. Enterprise Linux Server Tus (2)
      1. 7.3
      2. 7.6
  2. Mozilla (1)
    1. Network Security Services (5)
      1. 3.21
      2. 3.21.1
      3. 3.21.2
      4. 3.21.3
      5. 3.21.4

CWE

| ID | Name | Description |
|---|---|---|
| CWE-320 | Key Management Errors | Weaknesses in this category are related to errors in the management of cryptographic keys. |

History of changes

Date Event
2018-10-31 19:20
2018-08-03 01:29
2018-08-01 13:29

New CVE