Back to bug 2024370
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2021-11-18 13:42:16 UTC | CC | security-response-team | |
| | | Blocks | 2024371 | |
| | | Blocks | 2024371 | 2024113 |
| | | Summary | EMBARGOED nss: *TBD* | EMBARGOED nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) |
| Doran Moppert | 2021-11-22 00:06:00 UTC | Depends On | 2025366, 2025365, 2025361, 2025363, 2025364, 2025362 | |
| Doran Moppert | 2021-11-22 00:07:50 UTC | CC | dmoppert, rrelyea | |
| Tomas Hoger | 2021-11-22 21:55:36 UTC | Flags | needinfo?(rrelyea) | |
| Hubert Kario | 2021-11-23 16:29:10 UTC | CC | hkario, ssorce | |
| Hubert Kario | 2021-11-23 16:50:05 UTC | CC | dueno | |
| Hubert Kario | 2021-11-23 17:24:47 UTC | Flags | needinfo?(rrelyea) | |
| Huzaifa S. Sidhpurwala | 2021-11-29 03:19:55 UTC | Alias | CVE-2021-43527 | |
| | | Summary | EMBARGOED nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | EMBARGOED CVE-2021-43527 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) |
| Huzaifa S. Sidhpurwala | 2021-11-29 03:20:38 UTC | Severity | medium | high |
| | | Priority | medium | high |
| Huzaifa S. Sidhpurwala | 2021-11-29 03:32:57 UTC | Depends On | 2027160, 2027166, 2027164, 2027162, 2027161, 2027163, 2027167, 2027165 | |
| Huzaifa S. Sidhpurwala | 2021-11-29 03:52:53 UTC | Comment | 0 | updated |
| Florencio Cano | 2021-11-29 08:17:10 UTC | CC | jburrell, vkumar | |
| Florencio Cano | 2021-11-29 08:28:06 UTC | Depends On | 2027248 | |
| Huzaifa S. Sidhpurwala | 2021-11-29 10:52:43 UTC | Deadline | 2021-12-06 | |
| | | Fixed In Version | nss 3.73.1 | |
| Huzaifa S. Sidhpurwala | 2021-11-29 15:01:53 UTC | Priority | high | urgent |
| | | Severity | high | urgent |
| Huzaifa S. Sidhpurwala | 2021-11-29 15:04:49 UTC | Depends On | 2027409 | |
| Huzaifa S. Sidhpurwala | 2021-11-30 04:37:54 UTC | Doc Text | A remote code execution flaw was found in the way NSS verifies certificates. An attacker could pose as a SSL/TLS server which could trigger this flaw in a client application compiled with NSS when it tried to initiate a SSL/TLS connection. Similarly a server application compiled with NSS which processes client certificates could receive a malicious certificate via a client. | |
| Stoyan Nikolov | 2021-11-30 06:02:48 UTC | CC | michal.skrivanek, mperina, nobody, sbonazzo | |
| Stoyan Nikolov | 2021-11-30 06:04:42 UTC | Depends On | 2027574, 2027573 | |
| Florencio Cano | 2021-11-30 15:06:09 UTC | CC | acrosby, fcanogab, jtanner | |
| Florencio Cano | 2021-11-30 15:56:01 UTC | CC | kholdawa | |
| Florencio Cano | 2021-11-30 16:02:55 UTC | CC | aarif | |
| Kevan Holdaway | 2021-11-30 16:40:05 UTC | CC | aaiken | |
| RaTasha Tillery-Smith | 2021-11-30 20:00:43 UTC | Doc Text | A remote code execution flaw was found in the way NSS verifies certificates. An attacker could pose as a SSL/TLS server which could trigger this flaw in a client application compiled with NSS when it tried to initiate a SSL/TLS connection. Similarly a server application compiled with NSS which processes client certificates could receive a malicious certificate via a client. | A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker to pose as an SSL/TLS server, possibly triggering this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. |
| Bob Relyea | 2021-11-30 20:06:23 UTC | Flags | needinfo?(snikolov) | |
| | | CC | snikolov | |
| Fabio Olive Leite | 2021-11-30 21:20:26 UTC | Flags | needinfo?(rrelyea) | |
| Clifford Perry | 2021-11-30 22:53:14 UTC | CC | cperry | |
| Michael Kaplan | 2021-12-01 00:29:55 UTC | Deadline | 2021-12-06 | 2021-12-01 |
| Doran Moppert | 2021-12-01 05:06:00 UTC | CC | erack, jhorak, stransky, tpopela | |
| Doran Moppert | 2021-12-01 05:08:08 UTC | Depends On | 2027935, 2027936, 2027934 | |
| Bob Relyea | 2021-12-01 08:00:33 UTC | Flags | needinfo?(rrelyea) | |
| Stoyan Nikolov | 2021-12-01 08:41:49 UTC | Flags | needinfo?(snikolov) | |
| RaTasha Tillery-Smith | 2021-12-01 14:55:19 UTC | Doc Text | A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker to pose as an SSL/TLS server, possibly triggering this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. | A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker to pose as an SSL/TLS server, possibly triggering this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. |
| RaTasha Tillery-Smith | 2021-12-01 15:34:24 UTC | Doc Text | A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker to pose as an SSL/TLS server, possibly triggering this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. | A remote code execution flaw was found in the way NSS verifies certificates. A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. |
| Huzaifa S. Sidhpurwala | 2021-12-01 16:02:43 UTC | Fixed In Version | nss 3.73.1 | nss 3.73.0 |
| Huzaifa S. Sidhpurwala | 2021-12-01 16:50:09 UTC | Doc Text | A remote code execution flaw was found in the way NSS verifies certificates. A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. | A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. |
| Huzaifa S. Sidhpurwala | 2021-12-01 16:50:52 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2021-43527 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | CVE-2021-43527 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) |
| | | CC | crypto-team, elio.maldonado.batiz, kai-engert-fedora, kdudka, nss-nspr-maint, rh-spice-bugs | |
| | | Deadline | 2021-12-01 | |
| Huzaifa S. Sidhpurwala | 2021-12-01 16:51:19 UTC | Depends On | 2028186 | |
| Steve Barcomb | 2021-12-01 17:51:52 UTC | CC | sbarcomb | |
| errata-xmlrpc | 2021-12-01 18:12:45 UTC | Link ID | Red Hat Product Errata RHSA-2021:4903 | |
| errata-xmlrpc | 2021-12-01 18:37:10 UTC | Link ID | Red Hat Product Errata RHSA-2021:4904 | |
| errata-xmlrpc | 2021-12-01 22:23:14 UTC | Link ID | Red Hat Product Errata RHSA-2021:4907 | |
| errata-xmlrpc | 2021-12-02 09:04:37 UTC | Link ID | Red Hat Product Errata RHSA-2021:4909 | |
| Tomas Hoger | 2021-12-02 11:26:46 UTC | Fixed In Version | nss 3.73.0 | nss 3.73.0, nss 3.68.1 |
| errata-xmlrpc | 2021-12-02 14:33:08 UTC | Link ID | Red Hat Product Errata RHBA-2021:4911 | |
| errata-xmlrpc | 2021-12-02 15:14:41 UTC | Link ID | Red Hat Product Errata RHBA-2021:4912 | |
| Têko Mihinto | 2021-12-02 16:06:31 UTC | CC | tmihinto | |
| errata-xmlrpc | 2021-12-02 18:25:51 UTC | Link ID | Red Hat Product Errata RHSA-2021:4919 | |
| errata-xmlrpc | 2021-12-02 19:02:49 UTC | Link ID | Red Hat Product Errata RHBA-2021:4921 | |
| errata-xmlrpc | 2021-12-02 19:05:06 UTC | Link ID | Red Hat Product Errata RHBA-2021:4920 | |
| errata-xmlrpc | 2021-12-02 19:05:40 UTC | Link ID | Red Hat Product Errata RHBA-2021:4922 | |
| errata-xmlrpc | 2021-12-02 19:10:36 UTC | Link ID | Red Hat Product Errata RHBA-2021:4923 | |
| errata-xmlrpc | 2021-12-02 19:20:20 UTC | Link ID | Red Hat Product Errata RHBA-2021:4924 | |
| Tomas Popela | 2021-12-03 12:29:46 UTC | CC | tpelka | |
| Tomas Pelka | 2021-12-03 12:37:10 UTC | Flags | needinfo?(hkario) | |
| Tomas Pelka | 2021-12-03 12:40:16 UTC | Flags | needinfo?(hkario) | |
| errata-xmlrpc | 2021-12-06 01:17:37 UTC | Link ID | Red Hat Product Errata RHBA-2021:4928 | |
| errata-xmlrpc | 2021-12-06 01:20:24 UTC | Link ID | Red Hat Product Errata RHBA-2021:4926 | |
| errata-xmlrpc | 2021-12-06 01:24:13 UTC | Link ID | Red Hat Product Errata RHBA-2021:4927 | |
| errata-xmlrpc | 2021-12-06 08:51:43 UTC | Link ID | Red Hat Product Errata RHSA-2021:4932 | |
| errata-xmlrpc | 2021-12-06 09:00:32 UTC | Link ID | Red Hat Product Errata RHSA-2021:4933 | |
| errata-xmlrpc | 2021-12-06 11:55:37 UTC | Link ID | Red Hat Product Errata RHBA-2021:4936 | |
| errata-xmlrpc | 2021-12-06 11:56:07 UTC | Link ID | Red Hat Product Errata RHBA-2021:4935 | |
| errata-xmlrpc | 2021-12-06 11:58:09 UTC | Link ID | Red Hat Product Errata RHBA-2021:4939 | |
| errata-xmlrpc | 2021-12-06 11:58:26 UTC | Link ID | Red Hat Product Errata RHBA-2021:4940 | |
| errata-xmlrpc | 2021-12-06 11:58:35 UTC | Link ID | Red Hat Product Errata RHBA-2021:4941 | |
| errata-xmlrpc | 2021-12-06 11:59:06 UTC | Link ID | Red Hat Product Errata RHBA-2021:4942 | |
| errata-xmlrpc | 2021-12-06 12:00:26 UTC | Link ID | Red Hat Product Errata RHBA-2021:4943 | |
| errata-xmlrpc | 2021-12-06 12:02:06 UTC | Link ID | Red Hat Product Errata RHBA-2021:4938 | |
| errata-xmlrpc | 2021-12-06 12:05:30 UTC | Link ID | Red Hat Product Errata RHBA-2021:4945 | |
| errata-xmlrpc | 2021-12-06 12:05:51 UTC | Link ID | Red Hat Product Errata RHBA-2021:4944 | |
| errata-xmlrpc | 2021-12-06 12:47:29 UTC | Link ID | Red Hat Product Errata RHSA-2021:4946 | |
| errata-xmlrpc | 2021-12-06 13:11:19 UTC | Link ID | Red Hat Product Errata RHBA-2021:4934 | |
| errata-xmlrpc | 2021-12-06 13:33:23 UTC | Link ID | Red Hat Product Errata RHBA-2021:4947 | |
| errata-xmlrpc | 2021-12-06 16:52:43 UTC | Link ID | Red Hat Product Errata RHBA-2021:4951 | |
| errata-xmlrpc | 2021-12-06 17:36:53 UTC | Link ID | Red Hat Product Errata RHBA-2021:4950 | |
| errata-xmlrpc | 2021-12-06 19:05:25 UTC | Link ID | Red Hat Product Errata RHSA-2021:4953 | |
| errata-xmlrpc | 2021-12-06 19:28:21 UTC | Link ID | Red Hat Product Errata RHSA-2021:4954 | |
| errata-xmlrpc | 2021-12-06 19:37:12 UTC | Link ID | Red Hat Product Errata RHBA-2021:4955 | |
| errata-xmlrpc | 2021-12-06 19:43:28 UTC | Link ID | Red Hat Product Errata RHBA-2021:4958 | |
| errata-xmlrpc | 2021-12-06 19:43:56 UTC | Link ID | Red Hat Product Errata RHBA-2021:4959 | |
| errata-xmlrpc | 2021-12-06 19:45:09 UTC | Link ID | Red Hat Product Errata RHBA-2021:4957 | |
| errata-xmlrpc | 2021-12-06 19:45:39 UTC | Link ID | Red Hat Product Errata RHBA-2021:4960 | |
| errata-xmlrpc | 2021-12-06 19:47:44 UTC | Link ID | Red Hat Product Errata RHBA-2021:4961 | |
| errata-xmlrpc | 2021-12-06 20:04:44 UTC | Link ID | Red Hat Product Errata RHBA-2021:4964 | |
| errata-xmlrpc | 2021-12-06 20:05:22 UTC | Link ID | Red Hat Product Errata RHBA-2021:4963 | |
| errata-xmlrpc | 2021-12-06 22:10:03 UTC | Link ID | Red Hat Product Errata RHBA-2021:4967 | |
| errata-xmlrpc | 2021-12-06 22:21:02 UTC | Link ID | Red Hat Product Errata RHBA-2021:4968 | |
| errata-xmlrpc | 2021-12-06 22:38:34 UTC | Link ID | Red Hat Product Errata RHSA-2021:4969 | |
| errata-xmlrpc | 2021-12-07 12:06:48 UTC | Link ID | Red Hat Product Errata RHBA-2021:4979 | |
| errata-xmlrpc | 2021-12-07 12:10:46 UTC | Link ID | Red Hat Product Errata RHBA-2021:4978 | |
| errata-xmlrpc | 2021-12-07 12:22:00 UTC | Link ID | Red Hat Product Errata RHBA-2021:4980 | |
| errata-xmlrpc | 2021-12-07 13:58:38 UTC | Link ID | Red Hat Product Errata RHBA-2021:4982 | |
| errata-xmlrpc | 2021-12-07 13:59:12 UTC | Link ID | Red Hat Product Errata RHBA-2021:4983 | |
| errata-xmlrpc | 2021-12-07 14:01:30 UTC | Link ID | Red Hat Product Errata RHBA-2021:4985 | |
| errata-xmlrpc | 2021-12-07 14:01:41 UTC | Link ID | Red Hat Product Errata RHBA-2021:4984 | |
| errata-xmlrpc | 2021-12-07 14:06:35 UTC | Link ID | Red Hat Product Errata RHBA-2021:4988 | |
| errata-xmlrpc | 2021-12-07 14:07:17 UTC | Link ID | Red Hat Product Errata RHBA-2021:4989 | |
| errata-xmlrpc | 2021-12-07 14:12:57 UTC | Link ID | Red Hat Product Errata RHBA-2021:4990 | |
| errata-xmlrpc | 2021-12-07 15:23:55 UTC | Link ID | Red Hat Product Errata RHBA-2021:4993 | |
| errata-xmlrpc | 2021-12-07 15:43:55 UTC | Link ID | Red Hat Product Errata RHSA-2021:4994 | |
| errata-xmlrpc | 2021-12-07 16:26:30 UTC | Link ID | Red Hat Product Errata RHBA-2021:4995 | |
| errata-xmlrpc | 2021-12-07 20:30:35 UTC | Link ID | Red Hat Product Errata RHBA-2021:4996 | |
| errata-xmlrpc | 2021-12-08 00:35:33 UTC | Link ID | Red Hat Product Errata RHBA-2021:4997 | |
| errata-xmlrpc | 2021-12-08 07:40:06 UTC | CC | hasuzuki | |
| | | Link ID | Red Hat Product Errata RHSA-2021:5006 | |
| errata-xmlrpc | 2021-12-08 08:47:18 UTC | Link ID | Red Hat Product Errata RHBA-2021:5007 | |
| errata-xmlrpc | 2021-12-08 12:26:13 UTC | Link ID | Red Hat Product Errata RHBA-2021:5018 | |
| errata-xmlrpc | 2021-12-08 13:42:13 UTC | Link ID | Red Hat Product Errata RHBA-2021:5019 | |
| errata-xmlrpc | 2021-12-08 14:35:11 UTC | Link ID | Red Hat Product Errata RHBA-2021:5021 | |
| errata-xmlrpc | 2021-12-08 14:42:12 UTC | Link ID | Red Hat Product Errata RHBA-2021:5023 | |
| errata-xmlrpc | 2021-12-08 15:14:48 UTC | Link ID | Red Hat Product Errata RHBA-2021:5025 | |
| errata-xmlrpc | 2021-12-08 18:28:56 UTC | Link ID | Red Hat Product Errata RHSA-2021:5035 | |
| Product Security DevOps Team | 2021-12-08 19:34:19 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2021-12-08 19:34:19 UTC | |
| errata-xmlrpc | 2021-12-09 17:44:25 UTC | Link ID | Red Hat Product Errata RHBA-2021:5062 | |
| errata-xmlrpc | 2021-12-09 18:16:31 UTC | Link ID | Red Hat Product Errata RHBA-2021:5063 | |
| errata-xmlrpc | 2021-12-09 19:16:22 UTC | Link ID | Red Hat Product Errata RHBA-2021:5064 | |
| errata-xmlrpc | 2021-12-13 14:14:38 UTC | Link ID | Red Hat Product Errata RHBA-2021:5084 | |
| errata-xmlrpc | 2021-12-14 14:05:31 UTC | Link ID | Red Hat Product Errata RHBA-2021:5121 | |
| errata-xmlrpc | 2021-12-15 12:05:06 UTC | Link ID | Red Hat Product Errata RHBA-2021:5143 | |
| errata-xmlrpc | 2021-12-16 17:29:45 UTC | Link ID | Red Hat Product Errata RHBA-2021:5189 | |
| Will Russell | 2022-01-11 21:02:44 UTC | CC | wrussell | |
| | | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2022-01-11 22:00:48 UTC | Flags | needinfo?(security-response-team) | needinfo?(huzaifas) |
| | | CC | huzaifas | |
| Huzaifa S. Sidhpurwala | 2022-01-12 04:01:30 UTC | Flags | needinfo?(huzaifas) | |
| Mauro Matteo Cascella | 2022-05-12 15:04:28 UTC | Summary | CVE-2021-43527 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | CVE-2021-43527 CVE-2021-43529 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) |
| | | Alias | CVE-2021-43529 | |
| Mauro Matteo Cascella | 2022-05-19 09:36:49 UTC | Summary | CVE-2021-43527 CVE-2021-43529 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | CVE-2021-43527 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) |
| | | Alias | CVE-2021-43529 | |