NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 | Issue Tracking Permissions Required Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf | Third Party Advisory |
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/ | Vendor Advisory |
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/ | Vendor Advisory |
https://security.gentoo.org/glsa/202212-05 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20211229-0002/ | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2021-51/ | Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.starwindsoftware.com/security/sw-20220802-0001/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
23 Feb 2023, 01:40
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202212-05 - Third Party Advisory |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Oct 2022, 16:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.starwindsoftware.com/security/sw-20220802-0001/ - Third Party Advisory | |
First Time |
Starwindsoftware starwind San \& Nas
Starwindsoftware starwind Virtual San Starwindsoftware |
|
CPE | cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:* cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r13:*:*:*:*:*:*:* |
11 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Sep 2022, 03:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:* |
|
First Time |
Oracle communications Cloud Native Core Network Slice Selection Function
Oracle communications Cloud Native Core Binding Support Function Oracle communications Cloud Native Core Network Repository Function Oracle communications Policy Management Oracle |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 18:01
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp
Netapp e-series Santricity Os Controller Netapp cloud Backup |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211229-0002/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
10 Mar 2022, 17:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Dec 2021, 14:32
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CPE | cpe:2.3:a:mozilla:nss_esr:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 - Issue Tracking, Permissions Required, Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2021-51/ - Vendor Advisory | |
References | (MISC) https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/ - Vendor Advisory | |
References | (MISC) https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/ - Vendor Advisory |
08 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-08 22:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-43527
Mitre link : CVE-2021-43527
CVE.ORG link : CVE-2021-43527
JSON object : View
Products Affected
netapp
- e-series_santricity_os_controller
- cloud_backup
starwindsoftware
- starwind_virtual_san
- starwind_san_\&_nas
oracle
- communications_policy_management
- communications_cloud_native_core_network_repository_function
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_network_slice_selection_function
mozilla
- nss_esr
- nss
CWE
CWE-787
Out-of-bounds Write