CVE-2021-43527

Published: 1 December 2021

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Notes

thunderbird 91.3.0 already shipped a work-around for this issue,
which is now known as CVE-2021-43529, but thunderbird 91.4.0
will also fix the nss issue to prevent secondary attack vectors.

Status

Severity score breakdown

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527
• https://ubuntu.com/security/notices/USN-5168-1
• https://ubuntu.com/security/notices/USN-5168-2
• https://ubuntu.com/security/notices/USN-5168-3
• https://ubuntu.com/security/notices/USN-5168-4
• NVD
• Launchpad
• Debian

Bugs

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
• https://bugzilla.mozilla.org/show_bug.cgi?id=1738501 (tb workaround)