First published: Wed Nov 17 2021
A flaw was found in the way NSS verifies certificates. Verification happens both when a client reads the Certificate message from the server and when a server that is configured to request client certificates receives one. Firefox is not vulnerable because it uses mozilla::pkix for certificate verification. Crucially, NSS fully parses the certificate before any other checks, so disabled signature methods or certificate types do not affect exploitability. Any TLS or DTLS client that uses NSS's built-in certificate verification routines is vulnerable, as is any server that has certificate-based client authentication enabled. The issue is not limited to TLS: any application that uses NSS certificate verification is vulnerable, and S/MIME is impacted too.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nss | <0:3.44.0-12.el6_10 | 0:3.44.0-12.el6_10 |
redhat/nss | <0:3.67.0-4.el7_9 | 0:3.67.0-4.el7_9 |
redhat/nss | <0:3.28.4-2.el7_3 | 0:3.28.4-2.el7_3 |
redhat/nss | <0:3.28.4-18.el7_4 | 0:3.28.4-18.el7_4 |
redhat/nss | <0:3.36.0-10.2.el7_6 | 0:3.36.0-10.2.el7_6 |
redhat/nss | <0:3.44.0-8.el7_7 | 0:3.44.0-8.el7_7 |
redhat/nss | <0:3.67.0-7.el8_5 | 0:3.67.0-7.el8_5 |
redhat/nss | <0:3.44.0-10.el8_1 | 0:3.44.0-10.el8_1 |
redhat/thunderbird | <0:91.3.0-3.el8_1 | 0:91.3.0-3.el8_1 |
redhat/nss | <0:3.53.1-12.el8_2 | 0:3.53.1-12.el8_2 |
redhat/thunderbird | <0:91.3.0-3.el8_2 | 0:91.3.0-3.el8_2 |
redhat/nss | <0:3.67.0-7.el8_4 | 0:3.67.0-7.el8_4 |
redhat/redhat-virtualization-host | <0:4.3.20-20211202.1.el7_9 | 0:4.3.20-20211202.1.el7_9 |
Mozilla NSS | <3.68.1 | 3.68.1 |
Mozilla NSS | <3.73 | 3.73 |
redhat/nss | <3.73.0 | 3.73.0 |
redhat/nss | <3.68.1 | 3.68.1 |
Mozilla NSS | <3.73 | |
Mozilla NSS ESR | <3.68.1 | |
NetApp Cloud Backup | | |
NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.1 | |
Oracle Communications Cloud Native Core Binding Support Function | =1.11.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
Oracle Communications Cloud Native Core Network Repository Function | =1.15.1 | |
Oracle Communications Cloud Native Core Network Slice Selection Function | =1.8.0 | |
Oracle Communications Policy Management | =12.6.0.0.0 | |
Starwindsoftware StarWind SAN & NAS | =v8r13 | |
Starwindsoftware StarWind Virtual SAN | =v8r13-14398 | |
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
CVE-2021-43527 is a remote code execution vulnerability in NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR.
The severity of CVE-2021-43527 is critical with a CVSS score of 9.8.
Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted by CVE-2021-43527.
To fix CVE-2021-43527, upgrade NSS to version 3.73.0 or 3.68.1 ESR.
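The two fixed versions above sit on different release lines, so a plain "newer than 3.68.1" check gets 3.69 through 3.72 wrong. The following Python, an added example and not part of the advisory or of NSS itself, applies the advisory's thresholds to an upstream NSS version string (the `pkg-config` query is the assumed way to read the installed version; it returns None where NSS is not registered with pkg-config).

```python
# Added example: classify an upstream NSS version against CVE-2021-43527.
# The advisory states the fix is 3.73 on the mainline and 3.68.1 on the
# 3.68 ESR branch, so 3.69.x to 3.72.x are affected despite being newer
# than 3.68.1. Distribution packages backport fixes (see the Red Hat rows
# in the table), so for those compare the package NEVR, not this number.
import re
import subprocess

FIXED_MAINLINE = (3, 73, 0)
FIXED_ESR = (3, 68, 1)


def parse_nss_version(text):
    """Parse 'X.Y' or 'X.Y.Z' (trailing text such as ' Beta' is ignored)
    into a (major, minor, patch) tuple; raise ValueError otherwise."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not an NSS version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True when the upstream NSS version is below the advisory's fix."""
    v = parse_nss_version(version) if isinstance(version, str) else version
    if v[:2] == FIXED_ESR[:2]:       # 3.68.x is the ESR branch
        return v < FIXED_ESR
    return v < FIXED_MAINLINE        # every other branch needs 3.73


def installed_nss_version():
    """Read the NSS version via pkg-config (assumed available); None if not."""
    try:
        out = subprocess.run(["pkg-config", "--modversion", "nss"],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    v = installed_nss_version()
    if v is None:
        print("pkg-config could not report an NSS version")
    else:
        state = "AFFECTED" if is_affected(v) else "not affected"
        print(f"NSS {v}: {state} by CVE-2021-43527")
```

On Red Hat hosts the reported upstream version (for example 3.67.0) will show as affected even when the backported package from the table is installed, so use `rpm -q nss` against the table there.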
You can find more information about CVE-2021-43527 at the following references: [Link 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1737470), [Link 2](https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/), [Link 3](https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/).