CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-43527

CVSS 9.8v3.1pub. 2021-12-08upd. 2024-11-21

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mozilla Nss

    APP
    Mozilla
    < 3.73
  • Mozilla Nss Esr

    APP
    Mozilla
    < 3.68.1
  • Netapp Cloud Backup

    APP
    Netapp
    wszystkie wersje
  • Netapp E Series Santricity Os Controller

    APP
    Netapp
    11.0 – 11.70.1
  • Oracle Communications Cloud Native Core Binding Support Function

    APP
    Oracle
    1.11.0
  • Oracle Communications Cloud Native Core Network Repository Function

    APP
    Oracle
    1.15.01.15.1
  • Oracle Communications Cloud Native Core Network Slice Selection Function

    APP
    Oracle
    1.8.0
  • Oracle Communications Policy Management

    APP
    Oracle
    12.6.0.0.0
  • Starwindsoftware Starwind San \& Nas

    APP
    Starwindsoftware
    v8r13
  • Starwindsoftware Starwind Virtual San

    APP
    Starwindsoftware
    v8r13
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2022-22947CRITICAL10.0⚠ KEVten sam produkt

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...

CVE-2021-42013CRITICAL9.8⚠ KEVten sam produkt

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...

CVE-2021-41773CRITICAL9.8⚠ KEVten sam produkt

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a ...