CVE-2021-43527

Published: Dic 08, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-30456 Aliases: GSD-2021-43527
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0524
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

787

Out-of-bounds Write

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
Application

Communications Policy Management by Oracle

Product Information
Vendor Oracle
Product Communications Policy Management
Version 12.6.0.0.0
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Binding Support Function by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Binding Support Function
Version 1.11.0
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Network Slice Selection Function by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Network Slice Selection Function
Version 1.8.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Cloud Backup by Netapp

Product Information
Vendor Netapp
Product Cloud Backup
Version -
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Network Repository Function by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Network Repository Function
Version 1.15.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

E-Series Santricity Os Controller by Netapp

Product Information
Vendor Netapp
Product E-Series Santricity Os Controller
Version Range Affected
From 11.0 (inclusive)
To 11.70.1 (inclusive)
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Starwind San \& Nas by Starwindsoftware

Product Information
Vendor Starwindsoftware
Product Starwind San \& Nas
Version v8r13
cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r13:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nss Esr by Mozilla

Product Information
Vendor Mozilla
Product Nss Esr
Version Range Affected
To 3.68.1 (exclusive)
cpe:2.3:a:mozilla:nss_esr:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Starwind Virtual San by Starwindsoftware

Product Information
Vendor Starwindsoftware
Product Starwind Virtual San
Version v8r13
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Network Repository Function by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Network Repository Function
Version 1.15.1
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nss by Mozilla

Product Information
Vendor Mozilla
Product Nss
Version Range Affected
To 3.73 (exclusive)
cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470
Issue Tracking Permissions Required Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470
https://cert-portal.siemens.com/productcert/pdf/ssa-594438.…
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_…
Vendor Advisory
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_…
Vendor Advisory
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/
https://security.gentoo.org/glsa/202212-05
Third Party Advisory
https://security.gentoo.org/glsa/202212-05
https://security.netapp.com/advisory/ntap-20211229-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211229-0002/
https://www.mozilla.org/security/advisories/mfsa2021-51/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-51/
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.starwindsoftware.com/security/sw-20220802-0001/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220802-0001/
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470
Issue Tracking Permissions Required Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1737470
https://cert-portal.siemens.com/productcert/pdf/ssa-594438.…
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_…
Vendor Advisory
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_…
Vendor Advisory
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/
https://security.gentoo.org/glsa/202212-05
Third Party Advisory
https://security.gentoo.org/glsa/202212-05
https://security.netapp.com/advisory/ntap-20211229-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211229-0002/
https://www.mozilla.org/security/advisories/mfsa2021-51/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-51/
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.starwindsoftware.com/security/sw-20220802-0001/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220802-0001/