What is CVE-2021-43527?

CVE-2021-43527 is a vulnerability in Mozilla Nss. Published 2021-12-08.

Is CVE-2021-43527 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Nss

CVE-2021-43527

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7…

EPSS: 0.052 (90.2th percentile) — read the EPSS interpretation.

Affected products

Mozilla Nss — versions unspecified

Public proof-of-concept exploits

ARPSyndicate/cvemon
kaosagnt/ansible-everyday

References

www.mozilla.org/security/advisories/mfsa2021-51/
bugzilla.mozilla.org/show_bug.cgi
ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/
ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/
www.oracle.com/security-alerts/cpuapr2022.html
security.netapp.com/advisory/ntap-20211229-0002/
cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf
www.starwindsoftware.com/security/sw-20220802-0001/
GLSA-202212-05 (vendor-advisory)

Frequently asked questions

What is CVE-2021-43527?: CVE-2021-43527 is a vulnerability in Mozilla Nss. Published 2021-12-08.
Is CVE-2021-43527 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.