CVE-2021-43527
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
NSS (Network Security Services) versiones anteriores a 3.73 o 3.68.1, ESR son vulnerables a un desbordamiento de pila cuando manejan firmas DSA o RSA-PSS codificadas con DER. Es probable que las aplicaciones que usan NSS para manejar firmas codificadas en CMS, S/MIME, PKCS \#7 o PKCS \#12 estén afectadas. Las aplicaciones que usan NSS para la comprobación de certificados u otras funcionalidades de TLS, X.509, OCSP o CRL pueden verse afectadas, dependiendo de cómo configuren NSS. *Nota: Esta vulnerabilidad NO afecta a Mozilla Firefox. Sin embargo, se cree que los clientes de correo electrónico y los visores de PDF que usan NSS para la verificación de firmas, como Thunderbird, LibreOffice, Evolution y Evince, pueden verse afectados. Esta vulnerabilidad afecta a NSS versiones anteriores a 3.73 y NSS versiones anteriores a 3.68.1
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability.
NSS (Network Security Services), Mozilla project's cross-platform security library, suffers from a memory corruption flaw when validating ECDSA signatures.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-08 CVE Reserved
- 2021-12-01 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-787: Out-of-bounds Write
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf | Third Party Advisory |
|
| https://security.netapp.com/advisory/ntap-20211229-0002 | Third Party Advisory |
|
| https://www.starwindsoftware.com/security/sw-20220802-0001 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-02-23 |
| URL | Date | SRC |
|---|---|---|
| https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM | 2023-02-23 | |
| https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM | 2023-02-23 | |
| https://security.gentoo.org/glsa/202212-05 | 2023-02-23 | |
| https://www.mozilla.org/security/advisories/mfsa2021-51 | 2023-02-23 | |
| https://access.redhat.com/security/cve/CVE-2021-43527 | 2021-12-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2024370 | 2021-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Nss Search vendor "Mozilla" for product "Nss" | < 3.73 Search vendor "Mozilla" for product "Nss" and version " < 3.73" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Nss Esr Search vendor "Mozilla" for product "Nss Esr" | < 3.68.1 Search vendor "Mozilla" for product "Nss Esr" and version " < 3.68.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | >= 11.0 <= 11.70.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version " >= 11.0 <= 11.70.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" | 1.11.0 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "1.11.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" | 1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" | 1.15.1 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.15.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Slice Selection Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" | 1.8.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Slice Selection Function" and version "1.8.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Policy Management Search vendor "Oracle" for product "Communications Policy Management" | 12.6.0.0.0 Search vendor "Oracle" for product "Communications Policy Management" and version "12.6.0.0.0" | - |
Affected
| ||||||
| Starwindsoftware Search vendor "Starwindsoftware" | Starwind San \& Nas Search vendor "Starwindsoftware" for product "Starwind San \& Nas" | v8r13 Search vendor "Starwindsoftware" for product "Starwind San \& Nas" and version "v8r13" | - |
Affected
| ||||||
| Starwindsoftware Search vendor "Starwindsoftware" | Starwind Virtual San Search vendor "Starwindsoftware" for product "Starwind Virtual San" | v8r13 Search vendor "Starwindsoftware" for product "Starwind Virtual San" and version "v8r13" | 14398 |
Affected
| ||||||