CVE-2021-43527

NameCVE-2021-43527
DescriptionNSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2836-1, DSA-5016-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nss (PTS)bullseye2:3.61-1+deb11u3fixed
bullseye (security)2:3.61-1+deb11u4fixed
bookworm2:3.87.1-1fixed
bookworm (security)2:3.87.1-1+deb12u1fixed
sid, trixie2:3.106-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nsssourcestretch2:3.26.2-1.1+deb9u3DLA-2836-1
nsssourcebuster2:3.42.1-1+deb10u4DSA-5016-1
nsssourcebullseye2:3.61-1+deb11u1DSA-5016-1
nsssource(unstable)2:3.73-1

Notes

https://www.openwall.com/lists/oss-security/2021/12/01/4
https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH)
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html

Search for package or bug name: Reporting problems