| Name | CVE-2021-43527 |
| Description | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-2836-1, DSA-5016-1, ELA-525-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| nss (PTS) | jessie, jessie (lts) | 2:3.26-1+debu8u19 | fixed |
| stretch (security) | 2:3.26.2-1.1+deb9u5 | fixed | |
| stretch (lts), stretch | 2:3.26.2-1.1+deb9u8 | fixed | |
| buster, buster (lts) | 2:3.42.1-1+deb10u9 | fixed | |
| buster (security) | 2:3.42.1-1+deb10u8 | fixed | |
| bullseye | 2:3.61-1+deb11u3 | fixed | |
| bullseye (security) | 2:3.61-1+deb11u4 | fixed | |
| bookworm | 2:3.87.1-1 | fixed | |
| bookworm (security) | 2:3.87.1-1+deb12u1 | fixed | |
| trixie | 2:3.105-2 | fixed | |
| sid | 2:3.106-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| nss | source | jessie | 2:3.26-1+debu8u14 | ELA-525-1 | ||
| nss | source | stretch | 2:3.26.2-1.1+deb9u3 | DLA-2836-1 | ||
| nss | source | buster | 2:3.42.1-1+deb10u4 | DSA-5016-1 | ||
| nss | source | bullseye | 2:3.61-1+deb11u1 | DSA-5016-1 | ||
| nss | source | (unstable) | 2:3.73-1 |
https://www.openwall.com/lists/oss-security/2021/12/01/4
https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH)
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html