DEBIAN-CVE-2016-1938

DEBIAN-CVE-2016-1938 PUBLISHED CVSS 6.5 MEDIUM

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	nss	0, 0, 0
Debian:14	nss	0, 0, 0
Debian:13	nss	0, 0, 0
Debian:12	nss	0, 0, 0

Timeline

Jan 31, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-1938 advisory

Open in Interactive Console →