Name | CVE-2021-43527 |
Description | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-2836-1, DSA-5016-1 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
nss (PTS) | bullseye | 2:3.61-1+deb11u3 | fixed |
nss (PTS) | bullseye (security) | 2:3.61-1+deb11u4 | fixed |
nss (PTS) | bookworm | 2:3.87.1-1 | fixed |
nss (PTS) | bookworm (security) | 2:3.87.1-1+deb12u1 | fixed |
nss (PTS) | sid, trixie | 2:3.106-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
nss | source | stretch | 2:3.26.2-1.1+deb9u3 | | DLA-2836-1 | |
nss | source | buster | 2:3.42.1-1+deb10u4 | | DSA-5016-1 | |
nss | source | bullseye | 2:3.61-1+deb11u1 | | DSA-5016-1 | |
nss | source | (unstable) | 2:3.73-1 | | | |
https://www.openwall.com/lists/oss-security/2021/12/01/4
https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH)
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html