CVE-2016-5258

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Resource Management Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-0718, CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2828, CVE-2016-2830, CVE-2016-2831, CVE-2016-2834, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268, CVE-2016-6354

Published on 05/08/16 - Updated on 16/08/17

Description

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

Category: Resource Management Error

CWE-416 (Use After Free)
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Security Notices

US National Vulnerability DatabaseCVE-2016-5258
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-259
Arch Linux ASA-201608-2
CentOS CESA-2016:1551
Debian DSA-3640-1
Debian LTSDLA-585-1
Mozilla MFSA2016-72
Redhat RHSA-2016:1551
SUSE SUSE-SU-2016:2061, SUSE-SU-2016:2131, SUSE-SU-2016:2195
Ubuntu USN-3044-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
mozillafirefox
mozillafirefox_esr
oraclelinux

Share this vulnerability with:

Twitter Facebook LinkedIn Mail