{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-43527","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","assignerShortName":"mozilla","dateUpdated":"2024-08-04T03:55:29.297Z","dateReserved":"2021-11-08T00:00:00.000Z","datePublished":"2021-12-08T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2022-12-19T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1."}],"affected":[{"vendor":"Mozilla","product":"NSS","versions":[{"version":"unspecified","lessThan":"3.73","status":"affected","versionType":"custom"},{"version":"unspecified","lessThan":"3.68.1","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2021-51/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1737470"},{"url":"https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/"},{"url":"https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://security.netapp.com/advisory/ntap-20211229-0002/"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf"},{"url":"https://www.starwindsoftware.com/security/sw-20220802-0001/"},{"name":"GLSA-202212-05","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202212-05"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Memory corruption via DER-encoded DSA and RSA-PSS signatures"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T03:55:29.297Z"},"title":"CVE Program Container","references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2021-51/","tags":["x_transferred"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1737470","tags":["x_transferred"]},{"url":"https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/","tags":["x_transferred"]},{"url":"https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20211229-0002/","tags":["x_transferred"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf","tags":["x_transferred"]},{"url":"https://www.starwindsoftware.com/security/sw-20220802-0001/","tags":["x_transferred"]},{"name":"GLSA-202212-05","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202212-05"}]}]}}