VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6jzj-cgtw-aaak

Essentials
Severities (105)
References (49)
Severity details (10)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-6jzj-cgtw-aaak
Aliases	CVE-2021-43527
Summary	NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-787	Out-of-bounds Write
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

System	Score	Found at
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4903
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4904
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4907
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4909
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4919
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4932
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4933
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4946
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4953
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4954
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4969
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:4994
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:5006
rhas	Critical	https://access.redhat.com/errata/RHSA-2021:5035
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00906	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00906	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00906	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.00906	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05243	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05267	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05267	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05267	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05267	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05267	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.0538	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05404	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.05404	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
epss	0.2255	https://api.first.org/data/v1/epss?cve=CVE-2021-43527
rhbs	urgent	https://bugzilla.redhat.com/show_bug.cgi?id=2024370
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-43527
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-43527
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-43527
archlinux	High	https://security.archlinux.org/AVG-2596
archlinux	High	https://security.archlinux.org/AVG-2597
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2021-51
cvssv3.1	5.3	https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual	MODERATE	https://www.oracle.com/security-alerts/cpuapr2022.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-43527
		https://bugzilla.mozilla.org/show_bug.cgi?id=1737470
		https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527
		https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/
		https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.gentoo.org/glsa/202212-05
		https://security.netapp.com/advisory/ntap-20211229-0002/
		https://www.mozilla.org/security/advisories/mfsa2021-51/
		https://www.oracle.com/security-alerts/cpuapr2022.html
		https://www.starwindsoftware.com/security/sw-20220802-0001/
2024370		https://bugzilla.redhat.com/show_bug.cgi?id=2024370
ASA-202112-3		https://security.archlinux.org/ASA-202112-3
ASA-202112-4		https://security.archlinux.org/ASA-202112-4
AVG-2596		https://security.archlinux.org/AVG-2596
AVG-2597		https://security.archlinux.org/AVG-2597
cpe:2.3:a:mozilla:nss::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:nss::::::::
cpe:2.3:a:mozilla:nss_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:nss_esr::::::::
cpe:2.3:a:netapp:cloud_backup:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:::::::*
cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:::::::*
cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r13:::::::*
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398::::::
CVE-2021-43527		https://nvd.nist.gov/vuln/detail/CVE-2021-43527
mfsa2021-51		https://www.mozilla.org/en-US/security/advisories/mfsa2021-51
RHSA-2021:4903		https://access.redhat.com/errata/RHSA-2021:4903
RHSA-2021:4904		https://access.redhat.com/errata/RHSA-2021:4904
RHSA-2021:4907		https://access.redhat.com/errata/RHSA-2021:4907
RHSA-2021:4909		https://access.redhat.com/errata/RHSA-2021:4909
RHSA-2021:4919		https://access.redhat.com/errata/RHSA-2021:4919
RHSA-2021:4932		https://access.redhat.com/errata/RHSA-2021:4932
RHSA-2021:4933		https://access.redhat.com/errata/RHSA-2021:4933
RHSA-2021:4946		https://access.redhat.com/errata/RHSA-2021:4946
RHSA-2021:4953		https://access.redhat.com/errata/RHSA-2021:4953
RHSA-2021:4954		https://access.redhat.com/errata/RHSA-2021:4954
RHSA-2021:4969		https://access.redhat.com/errata/RHSA-2021:4969
RHSA-2021:4994		https://access.redhat.com/errata/RHSA-2021:4994
RHSA-2021:5006		https://access.redhat.com/errata/RHSA-2021:5006
RHSA-2021:5035		https://access.redhat.com/errata/RHSA-2021:5035
USN-5168-1		https://usn.ubuntu.com/5168-1/
USN-5168-2		https://usn.ubuntu.com/5168-2/
USN-5168-3		https://usn.ubuntu.com/5168-3/
USN-5168-4		https://usn.ubuntu.com/5168-4/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43527

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43527

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43527

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.81483
EPSS Score	0.00756
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.