CVE-2021-43527 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2021-43527?

CVE-2021-43527 is a critical vulnerability in Network Security Services (NSS) versions before 3.73 and, on the ESR branch, before 3.68.1. It is a heap buffer overflow triggered while NSS handles DER-encoded DSA or RSA-PSS signatures, so any application that uses NSS for signature verification is exposed, and applications that use NSS for certificate validation or other TLS, X.509, OCSP, or CRL functionality may be, depending on how they configure NSS. Email clients and document viewers that verify signatures through NSS, such as Thunderbird, LibreOffice, Evolution, and Evince, are affected; Mozilla Firefox is not. The NVD rates it 9.8 (Critical) on the CVSS v3 scale.
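To make the bug class concrete, here is an added example written for this page. It is a simplified model of the defect, not NSS source code, and every name in it (vfy_context_t, SIG_BUF_SIZE, create_context_fixed and so on) is the example's own. It follows the public description of the bug: the verification context holds a fixed-size signature buffer, and for DSA and RSA-PSS the number of bytes copied into it was derived from the public key, which an attacker controls through the certificate, rather than from the size of the buffer. The hardened function adds the one comparison the vulnerable one lacks.

```c
/* Added example for this page: a simplified model of the CVE-2021-43527
 * bug class, not code from NSS.  All names are the example's own. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIG_BUF_SIZE 256   /* assumed buffer size; NSS derives its own from
                              its key-size limits, not from this value */

typedef enum { KEY_RSA_PSS, KEY_DSA } key_type_t;

/* Stand-in for a parsed SubjectPublicKeyInfo: the fields that decide the
 * expected signature length come from attacker-supplied certificate data. */
typedef struct {
    key_type_t type;
    size_t modulus_len;   /* RSA-PSS: byte length of the modulus n */
    size_t subprime_len;  /* DSA: byte length of q; a DSA signature is r||s */
} pubkey_t;

/* Heap-allocated verification context with an inline fixed-size buffer. */
typedef struct {
    pubkey_t key;
    size_t   sig_len;
    uint8_t  sig_buf[SIG_BUF_SIZE];
} vfy_context_t;

/* Expected signature length, derived from key parameters only. */
static size_t signature_len_for_key(const pubkey_t *key)
{
    switch (key->type) {
    case KEY_RSA_PSS: return key->modulus_len;
    case KEY_DSA:     return 2 * key->subprime_len;
    }
    return 0;
}

/* Vulnerable pattern (CWE-787): the decoded signature is checked against the
 * key-derived length, but that length is never compared with
 * sizeof(ctx->sig_buf), so an oversized key drives memcpy past the end of
 * the heap object.  Shown for contrast; never call it with an oversized key. */
int create_context_vulnerable(vfy_context_t *ctx, const pubkey_t *key,
                              const uint8_t *sig, size_t sig_len)
{
    size_t expected = signature_len_for_key(key);
    if (expected == 0 || sig_len != expected)
        return -1;                      /* bad-signature style failure */
    ctx->key = *key;
    ctx->sig_len = sig_len;
    memcpy(ctx->sig_buf, sig, sig_len); /* overflows when expected > SIG_BUF_SIZE */
    return 0;
}

/* Hardened pattern: the destination size is an explicit bound. */
int create_context_fixed(vfy_context_t *ctx, const pubkey_t *key,
                         const uint8_t *sig, size_t sig_len)
{
    size_t expected = signature_len_for_key(key);
    if (expected == 0 || sig_len != expected)
        return -1;
    if (expected > sizeof(ctx->sig_buf))
        return -2;                      /* the check the vulnerable path lacks */
    ctx->key = *key;
    ctx->sig_len = sig_len;
    memcpy(ctx->sig_buf, sig, sig_len);
    return 0;
}

/* Helper: RSA-PSS key with a modulus of modulus_len bytes and a constructed,
 * zero-filled signature of sig_len bytes; returns the hardened path's code. */
int try_fixed_rsa_pss(size_t modulus_len, size_t sig_len)
{
    pubkey_t key = { KEY_RSA_PSS, modulus_len, 0 };
    vfy_context_t *ctx = calloc(1, sizeof *ctx);
    uint8_t *sig = calloc(sig_len ? sig_len : 1, 1);
    int rc = (ctx && sig) ? create_context_fixed(ctx, &key, sig, sig_len) : -3;
    free(sig);
    free(ctx);
    return rc;
}

/* Same for DSA, where the length comes from q rather than from n. */
int try_fixed_dsa(size_t subprime_len, size_t sig_len)
{
    pubkey_t key = { KEY_DSA, 0, subprime_len };
    vfy_context_t *ctx = calloc(1, sizeof *ctx);
    uint8_t *sig = calloc(sig_len ? sig_len : 1, 1);
    int rc = (ctx && sig) ? create_context_fixed(ctx, &key, sig, sig_len) : -3;
    free(sig);
    free(ctx);
    return rc;
}

int main(void)
{
    /* 2048-bit key: the signature fits.  16384-bit key: rejected before memcpy. */
    printf("RSA-PSS, 256-byte signature:  rc=%d\n", try_fixed_rsa_pss(256, 256));
    printf("RSA-PSS, 2048-byte signature: rc=%d\n", try_fixed_rsa_pss(2048, 2048));
    printf("DSA, 32-byte q:   rc=%d\n", try_fixed_dsa(32, 64));
    printf("DSA, 256-byte q:  rc=%d\n", try_fixed_dsa(256, 512));
    return 0;
}
```

Build it with a sanitizer (for example `cc -fsanitize=address`) if you want to watch the vulnerable variant fault on an oversized key; the hardened variant returns -2 before any copy happens, which is the whole fix.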

Who is impacted by CVE-2021-43527?

Anyone running NSS before 3.73, or before 3.68.1 on the ESR branch, is affected. Applications that use NSS to verify signatures carried in CMS, S/MIME, PKCS #7, or PKCS #12 structures are the most likely to be hit, including Thunderbird, LibreOffice, Evolution, and Evince, because parsing a crafted signature is enough to reach the bug. The defect has been present since NSS 3.14 for DSA signatures and since NSS 3.34 for RSA-PSS signatures, so every release from those points up to the fixed versions is vulnerable.

What to do if CVE-2021-43527 affected you

If you're affected by CVE-2021-43527, act promptly. To mitigate the risk:

  1. Update NSS to version 3.73 or later, or to 3.68.1 on the ESR branch, where the issue is fixed.

  2. Make sure every application that relies on NSS for signature verification actually loads the updated library. Applications that bundle their own copy of NSS rather than linking the system one need their own update, and distribution packages often backport the fix without changing the upstream version number, so check the distribution's advisory or package changelog rather than trusting the version string alone.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2021-43527 is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was published in the National Vulnerability Database on December 8, 2021. Absence from the catalog means CISA has no confirmed record of in-the-wild exploitation, not that the bug is safe to leave unpatched; the remediation is still to update Network Security Services (NSS) to version 3.73 or 3.68.1 ESR, which contain the fix.

Weakness Enumeration

The weakness enumeration for this vulnerability is CWE-787 (Out-of-bounds Write), which matches the heap overflow: data is written past the end of a heap-allocated buffer in Network Security Services (NSS), and every application that links the vulnerable library inherits the defect.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD entry for CVE-2021-43527 and Mozilla's security advisory for the NSS 3.73 and 3.68.1 ESR releases.
