NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
Published 2021-12-08 22:15:09
Updated 2023-02-23 01:40:31
View at NVD,   CVE.org
Vulnerability category: Memory Corruption

Exploit prediction scoring system (EPSS) score for CVE-2021-43527

0.54%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-43527

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2021-43527

  • The product writes data past the end, or before the beginning, of the intended buffer.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-43527

Products affected by CVE-2021-43527

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!