Integer Overflow Vulnerability in Mozilla Netscape Portable Runtime
CVE-2016-1951

8.6 HIGH

Key Information:

Vendor: Mozilla
CVE Published: 7 August 2016

What is CVE-2016-1951?

CVE-2016-1951 is caused by integer overflows in io/prprf.c and affects versions of Mozilla's Netscape Portable Runtime (NSPR) prior to 4.12. A remote attacker who can pass a long string to a PR_*printf function can trigger a buffer overflow. The resulting memory corruption may lead to denial of service or have other unspecified impact.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
