exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

CVE-2021-43527

Status Candidate

Overview

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Related Files

Gentoo Linux Security Advisory 202212-05
Posted Dec 19, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202212-5 - Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. Versions less than 3.79.2 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-43527, CVE-2022-1097, CVE-2022-3479
SHA-256 | 10fe54de09cf75cfbd19ff3734222038fd66ca90411aa4d32356162278df5737
Red Hat Security Advisory 2022-0191-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0191-03 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.2 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-42574, CVE-2021-43527
SHA-256 | ff212f83b966f05194a3c89d8842a710d265243e5de79983a7c1b64df072bee3
Debian Security Advisory 5016-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5016-1 - Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2021-43527
SHA-256 | 35d9a4d43f640926eb2420ef777ea504b336ac1a1fd52fd509acd24e3675989f
Red Hat Security Advisory 2021-5107-06
Posted Dec 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5107-06 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-4104, CVE-2021-43527, CVE-2021-44228, CVE-2021-45046
SHA-256 | 8e6f91b111dc9af75d98ab70a4b877ecdcb76fcbbc86e88c66e6dd5a73b05cb0
Red Hat Security Advisory 2021-5053-03
Posted Dec 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5053-03 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-43527
SHA-256 | 2ea87822a24cf699b6d07a14d68f62e1a010747706104760534aa1e6d782a460
Ubuntu Security Notice USN-5168-4
Posted Dec 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-4 - USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
SHA-256 | cd759c4921163b4522254a171ff6f8453bdd0d3356341318e777e4577202c35e
Red Hat Security Advisory 2021-5006-04
Posted Dec 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5006-04 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 4e25ce3669bf9cd2e6783c132b76c874281295e1b8c51f55c4ee42b7ae508438
Red Hat Security Advisory 2021-4994-03
Posted Dec 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4994-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 5a093b949e43ddd10eaee2b97d7b6af2c9f5f4e4b6a148f856c13f79ee8ead64
Red Hat Security Advisory 2021-4969-03
Posted Dec 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4969-03 - Mozilla Thunderbird is a standalone mail and newsgroup client.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | df86cb0cf4b8a715e18fd345977571cc5da944375835b5228bb952ca9e9f75d4
Red Hat Security Advisory 2021-4953-03
Posted Dec 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4953-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 69c69e7cf185111d7f40e08d88693f7613bd7b6af05b64cb8828c2a064deefcb
Red Hat Security Advisory 2021-4954-04
Posted Dec 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4954-04 - Mozilla Thunderbird is a standalone mail and newsgroup client.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 8de7d1fc5d0279591f7343424ad213c23deed9a17993eba1bea67089772e7bc3
Red Hat Security Advisory 2021-4933-03
Posted Dec 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4933-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | e74379b3789c5dd5c5f02cea21f82d7e75be7cd46eeb47e14aff817f329bc3bf
Red Hat Security Advisory 2021-4932-03
Posted Dec 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4932-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 8cdf19b3117227f66cf620256e0fcfe76a55f68fdd8d34611c16836908a66dec
Red Hat Security Advisory 2021-4946-03
Posted Dec 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4946-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 1eb2cab5b867dc45586feb5652ef78e184b348be2cbaacc90d9b59a71b6e8475
Red Hat Security Advisory 2021-4919-03
Posted Dec 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4919-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 554c0c26251078d2735ca84a6c4ad976bca3ae57660b2223fb286b3afc579b26
Red Hat Security Advisory 2021-4909-03
Posted Dec 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4909-03 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 3397383fc870970d52fe5d7855da284f1519dc5618dd2bb32832dc74d682e887
Red Hat Security Advisory 2021-4907-04
Posted Dec 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4907-04 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 7638ed55df041a5f9cf5bbc8a0bdf5e2d697e49941d80fb1ad20d6e81c50665c
Red Hat Security Advisory 2021-4903-05
Posted Dec 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4903-05 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | 1192ea57edc3916e9c826e79f6450877a9da40ea7cf7554d8f0620c781548999
Red Hat Security Advisory 2021-4904-05
Posted Dec 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4904-05 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-43527
SHA-256 | bc079ab6299283166cc1a45cdd92165e2824572ef9f6267da74fe88f03f3bf0b
Ubuntu Security Notice USN-5168-3
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-3 - USN-5168-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
SHA-256 | 8e46ac4b755901baf54368f8f979d7f0a588af3f6616c907f657e2c244dbb217
Ubuntu Security Notice USN-5168-1
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-1 - Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
SHA-256 | 91fd5d7b423f92ad5a475e193f53008fd00315ad387d2f3615310d1d01b35939
Ubuntu Security Notice USN-5168-2
Posted Dec 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5168-2 - Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-43527
SHA-256 | 2ba4e0a3f2328785f3fe60aa8fec22f213764273dcc7bb558f825a8c4fec28c0
NSS Signature Validation Memory Corruption
Posted Dec 1, 2021
Authored by Tavis Ormandy, Google Security Research

NSS (Network Security Services), Mozilla project's cross-platform security library, suffers from a memory corruption flaw when validating ECDSA signatures.

tags | exploit
advisories | CVE-2021-43527
SHA-256 | a1b02e73db5dff5112196a0630115a92894c1a5c5871dfbfe6cb9a06a3c35921
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close