{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1277?format=json","vulnerability_id":"VCID-yjyn-kpq2-qkb7","summary":"NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.","aliases":[{"alias":"CVE-2021-43527"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2154?format=json","purl":"pkg:alpm/archlinux/lib32-nss@3.73-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-nss@3.73-1"},{"url":"http://public2.vulnerablecode.io/api/packages/2156?format=json","purl":"pkg:alpm/archlinux/nss@3.73-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/nss@3.73-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/700?format=json","purl":"pkg:mozilla/NSS@3.68.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/NSS@3.68.1"},{"url":"http://public2.vulnerablecode.io/api/packages/701?format=json","purl":"pkg:mozilla/NSS@3.73.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/NSS@3.73.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2153?format=json","purl":"pkg:alpm/archlinux/lib32-nss@3.72-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/lib32-nss@3.72-2"},{"url":"http://public2.vulnerablecode.io/api/packages/2155?format=json","purl":"pkg:alpm/archlinux/nss@3.72-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/nss@3.72-2"},{"url":"http://public2.vulnerablecode.io/api/packages/4082?format=json","purl":"pkg:deb/debian/nss@3.12.3.1-0lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-4gzd-m5g6-rbgm"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-atus-ryef-17h1"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c2jb-u1sf-xkgr"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mg1g-83ha-ekgc"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-wh5f-gkuv-q3ep"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.12.3.1-0lenny7"},{"url":"http://public2.vulnerablecode.io/api/packages/4083?format=json","purl":"pkg:deb/debian/nss@3.12.8-1%2Bsqueeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-4gzd-m5g6-rbgm"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-wh5f-gkuv-q3ep"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.12.8-1%252Bsqueeze7"},{"url":"http://public2.vulnerablecode.io/api/packages/4084?format=json","purl":"pkg:deb/debian/nss@3.12.8-1%2Bsqueeze14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-4gzd-m5g6-rbgm"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-wh5f-gkuv-q3ep"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.12.8-1%252Bsqueeze14"},{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527"},{"reference_url":"https://security.archlinux.org/ASA-202112-3","reference_id":"ASA-202112-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-3"},{"reference_url":"https://security.archlinux.org/ASA-202112-4","reference_id":"ASA-202112-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-4"},{"reference_url":"https://security.archlinux.org/AVG-2596","reference_id":"AVG-2596","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2596"},{"reference_url":"https://security.archlinux.org/AVG-2597","reference_id":"AVG-2597","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2597"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51","reference_id":"mfsa2021-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjyn-kpq2-qkb7"}