CVE-2021-43527

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:nss_esr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r13:*:*:*:*:*:*:*
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-08 22:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-43527

Mitre link : CVE-2021-43527

CVE.ORG link : CVE-2021-43527


JSON object : View

Products Affected

mozilla

  • nss
  • nss_esr

netapp

  • cloud_backup
  • e-series_santricity_os_controller

oracle

  • communications_cloud_native_core_network_repository_function
  • communications_cloud_native_core_network_slice_selection_function
  • communications_policy_management
  • communications_cloud_native_core_binding_support_function

starwindsoftware

  • starwind_san_\&_nas
  • starwind_virtual_san
CWE
CWE-787

Out-of-bounds Write