Search for packages
| purl | pkg:alpm/archlinux/nss@3.72-2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6jzj-cgtw-aaak
Aliases: CVE-2021-43527 |
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:45:22.388023+00:00 | Arch Linux Importer | Affected by | VCID-6jzj-cgtw-aaak | https://security.archlinux.org/AVG-2596 | 36.0.0 |
| 2024-09-18T02:00:18.085357+00:00 | Arch Linux Importer | Affected by | VCID-6jzj-cgtw-aaak | https://security.archlinux.org/AVG-2596 | 34.0.1 |
| 2024-01-23T15:32:14.656746+00:00 | Arch Linux Importer | Affected by | VCID-6jzj-cgtw-aaak | https://security.archlinux.org/AVG-2596 | 34.0.0rc2 |
| 2024-01-03T22:26:32.885318+00:00 | Arch Linux Importer | Affected by | VCID-6jzj-cgtw-aaak | https://security.archlinux.org/AVG-2596 | 34.0.0rc1 |