Bug 2024370 (CVE-2021-43527) - CVE-2021-43527 nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
Status: CLOSED ERRATA
Alias: CVE-2021-43527
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 2025361 2025362 2025363 2025364 2025365 2025366 2027160 2027161 2027162 2027163 2027164 2027165 2027166 2027167 2027248 2027409 2027573 2027574 2027934 2027935 2027936 2028186
Blocks: 2024113
Reported: 2021-11-17 23:31 UTC by msiddiqu
Modified: 2023-10-24 20:18 UTC

Fixed In Version: nss 3.73.0, nss 3.68.1
Doc Text:
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Last Closed: 2021-12-08 19:34:19 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:4911 0 None None None 2021-12-02 14:33:08 UTC
Red Hat Product Errata RHBA-2021:4912 0 None None None 2021-12-02 15:14:40 UTC
Red Hat Product Errata RHBA-2021:4920 0 None None None 2021-12-02 19:05:06 UTC
Red Hat Product Errata RHBA-2021:4921 0 None None None 2021-12-02 19:02:49 UTC
Red Hat Product Errata RHBA-2021:4922 0 None None None 2021-12-02 19:05:39 UTC
Red Hat Product Errata RHBA-2021:4923 0 None None None 2021-12-02 19:10:36 UTC
Red Hat Product Errata RHBA-2021:4924 0 None None None 2021-12-02 19:20:20 UTC
Red Hat Product Errata RHBA-2021:4926 0 None None None 2021-12-06 01:20:24 UTC
Red Hat Product Errata RHBA-2021:4927 0 None None None 2021-12-06 01:24:12 UTC
Red Hat Product Errata RHBA-2021:4928 0 None None None 2021-12-06 01:17:36 UTC
Red Hat Product Errata RHBA-2021:4934 0 None None None 2021-12-06 13:11:19 UTC
Red Hat Product Errata RHBA-2021:4935 0 None None None 2021-12-06 11:56:06 UTC
Red Hat Product Errata RHBA-2021:4936 0 None None None 2021-12-06 11:55:37 UTC
Red Hat Product Errata RHBA-2021:4938 0 None None None 2021-12-06 12:02:05 UTC
Red Hat Product Errata RHBA-2021:4939 0 None None None 2021-12-06 11:58:08 UTC
Red Hat Product Errata RHBA-2021:4940 0 None None None 2021-12-06 11:58:26 UTC
Red Hat Product Errata RHBA-2021:4941 0 None None None 2021-12-06 11:58:35 UTC
Red Hat Product Errata RHBA-2021:4942 0 None None None 2021-12-06 11:59:05 UTC
Red Hat Product Errata RHBA-2021:4943 0 None None None 2021-12-06 12:00:26 UTC
Red Hat Product Errata RHBA-2021:4944 0 None None None 2021-12-06 12:05:51 UTC
Red Hat Product Errata RHBA-2021:4945 0 None None None 2021-12-06 12:05:30 UTC
Red Hat Product Errata RHBA-2021:4947 0 None None None 2021-12-06 13:33:22 UTC
Red Hat Product Errata RHBA-2021:4950 0 None None None 2021-12-06 17:36:52 UTC
Red Hat Product Errata RHBA-2021:4951 0 None None None 2021-12-06 16:52:42 UTC
Red Hat Product Errata RHBA-2021:4955 0 None None None 2021-12-06 19:37:11 UTC
Red Hat Product Errata RHBA-2021:4957 0 None None None 2021-12-06 19:45:09 UTC
Red Hat Product Errata RHBA-2021:4958 0 None None None 2021-12-06 19:43:27 UTC
Red Hat Product Errata RHBA-2021:4959 0 None None None 2021-12-06 19:43:55 UTC
Red Hat Product Errata RHBA-2021:4960 0 None None None 2021-12-06 19:45:38 UTC
Red Hat Product Errata RHBA-2021:4961 0 None None None 2021-12-06 19:47:44 UTC
Red Hat Product Errata RHBA-2021:4963 0 None None None 2021-12-06 20:05:21 UTC
Red Hat Product Errata RHBA-2021:4964 0 None None None 2021-12-06 20:04:44 UTC
Red Hat Product Errata RHBA-2021:4967 0 None None None 2021-12-06 22:10:03 UTC
Red Hat Product Errata RHBA-2021:4968 0 None None None 2021-12-06 22:21:02 UTC
Red Hat Product Errata RHBA-2021:4978 0 None None None 2021-12-07 12:10:45 UTC
Red Hat Product Errata RHBA-2021:4979 0 None None None 2021-12-07 12:06:47 UTC
Red Hat Product Errata RHBA-2021:4980 0 None None None 2021-12-07 12:22:00 UTC
Red Hat Product Errata RHBA-2021:4982 0 None None None 2021-12-07 13:58:37 UTC
Red Hat Product Errata RHBA-2021:4983 0 None None None 2021-12-07 13:59:11 UTC
Red Hat Product Errata RHBA-2021:4984 0 None None None 2021-12-07 14:01:40 UTC
Red Hat Product Errata RHBA-2021:4985 0 None None None 2021-12-07 14:01:30 UTC
Red Hat Product Errata RHBA-2021:4988 0 None None None 2021-12-07 14:06:34 UTC
Red Hat Product Errata RHBA-2021:4989 0 None None None 2021-12-07 14:07:17 UTC
Red Hat Product Errata RHBA-2021:4990 0 None None None 2021-12-07 14:12:57 UTC
Red Hat Product Errata RHBA-2021:4993 0 None None None 2021-12-07 15:23:54 UTC
Red Hat Product Errata RHBA-2021:4995 0 None None None 2021-12-07 16:26:29 UTC
Red Hat Product Errata RHBA-2021:4996 0 None None None 2021-12-07 20:30:34 UTC
Red Hat Product Errata RHBA-2021:4997 0 None None None 2021-12-08 00:35:33 UTC
Red Hat Product Errata RHBA-2021:5007 0 None None None 2021-12-08 08:47:18 UTC
Red Hat Product Errata RHBA-2021:5018 0 None None None 2021-12-08 12:26:13 UTC
Red Hat Product Errata RHBA-2021:5019 0 None None None 2021-12-08 13:42:13 UTC
Red Hat Product Errata RHBA-2021:5021 0 None None None 2021-12-08 14:35:11 UTC
Red Hat Product Errata RHBA-2021:5023 0 None None None 2021-12-08 14:42:12 UTC
Red Hat Product Errata RHBA-2021:5025 0 None None None 2021-12-08 15:14:48 UTC
Red Hat Product Errata RHBA-2021:5062 0 None None None 2021-12-09 17:44:25 UTC
Red Hat Product Errata RHBA-2021:5063 0 None None None 2021-12-09 18:16:30 UTC
Red Hat Product Errata RHBA-2021:5064 0 None None None 2021-12-09 19:16:22 UTC
Red Hat Product Errata RHBA-2021:5084 0 None None None 2021-12-13 14:14:38 UTC
Red Hat Product Errata RHBA-2021:5121 0 None None None 2021-12-14 14:05:30 UTC
Red Hat Product Errata RHBA-2021:5143 0 None None None 2021-12-15 12:05:05 UTC
Red Hat Product Errata RHBA-2021:5189 0 None None None 2021-12-16 17:29:44 UTC
Red Hat Product Errata RHSA-2021:4903 0 None None None 2021-12-01 18:12:45 UTC
Red Hat Product Errata RHSA-2021:4904 0 None None None 2021-12-01 18:37:10 UTC
Red Hat Product Errata RHSA-2021:4907 0 None None None 2021-12-01 22:23:14 UTC
Red Hat Product Errata RHSA-2021:4909 0 None None None 2021-12-02 09:04:36 UTC
Red Hat Product Errata RHSA-2021:4919 0 None None None 2021-12-02 18:25:50 UTC
Red Hat Product Errata RHSA-2021:4932 0 None None None 2021-12-06 08:51:42 UTC
Red Hat Product Errata RHSA-2021:4933 0 None None None 2021-12-06 09:00:32 UTC
Red Hat Product Errata RHSA-2021:4946 0 None None None 2021-12-06 12:47:28 UTC
Red Hat Product Errata RHSA-2021:4953 0 None None None 2021-12-06 19:05:25 UTC
Red Hat Product Errata RHSA-2021:4954 0 None None None 2021-12-06 19:28:20 UTC
Red Hat Product Errata RHSA-2021:4969 0 None None None 2021-12-06 22:38:34 UTC
Red Hat Product Errata RHSA-2021:4994 0 None None None 2021-12-07 15:43:54 UTC
Red Hat Product Errata RHSA-2021:5006 0 None None None 2021-12-08 07:40:06 UTC
Red Hat Product Errata RHSA-2021:5035 0 None None None 2021-12-08 18:28:56 UTC

Description msiddiqu 2021-11-17 23:31:04 UTC
A flaw was found in the way NSS verifies certificates. That will happen both when the client reads the Certificate message from the server and when the server is configured to ask for client certificates and then receives one.

Firefox is not vulnerable as it uses mozilla::pkix for certificate verification. Crucially, NSS fully parses the certificate before any other checks, so disabled signature methods or certificate types don't impact exploitability.

Any TLS and DTLS client that uses the NSS built-in certificate verification routines is vulnerable, as well as any server that has certificate-based client authentication enabled.

But the issue is not limited to TLS; any application that uses certificate verification is vulnerable, and S/MIME is impacted too.

Comment 18 Huzaifa S. Sidhpurwala 2021-12-01 16:20:10 UTC
Upstream patch: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58

Comment 19 Huzaifa S. Sidhpurwala 2021-12-01 16:51:26 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 2028186]

Comment 20 errata-xmlrpc 2021-12-01 18:12:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4903 https://access.redhat.com/errata/RHSA-2021:4903

Comment 21 errata-xmlrpc 2021-12-01 18:37:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:4904 https://access.redhat.com/errata/RHSA-2021:4904

Comment 23 errata-xmlrpc 2021-12-01 22:23:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2021:4907 https://access.redhat.com/errata/RHSA-2021:4907

Comment 25 errata-xmlrpc 2021-12-02 09:04:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:4909 https://access.redhat.com/errata/RHSA-2021:4909

Comment 26 errata-xmlrpc 2021-12-02 18:25:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:4919 https://access.redhat.com/errata/RHSA-2021:4919

Comment 31 errata-xmlrpc 2021-12-06 08:51:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2021:4932 https://access.redhat.com/errata/RHSA-2021:4932

Comment 32 errata-xmlrpc 2021-12-06 09:00:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:4933 https://access.redhat.com/errata/RHSA-2021:4933

Comment 33 errata-xmlrpc 2021-12-06 12:47:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2021:4946 https://access.redhat.com/errata/RHSA-2021:4946

Comment 34 errata-xmlrpc 2021-12-06 19:05:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:4953 https://access.redhat.com/errata/RHSA-2021:4953

Comment 35 errata-xmlrpc 2021-12-06 19:28:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:4954 https://access.redhat.com/errata/RHSA-2021:4954

Comment 36 errata-xmlrpc 2021-12-06 22:38:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2021:4969 https://access.redhat.com/errata/RHSA-2021:4969

Comment 37 errata-xmlrpc 2021-12-07 15:43:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:4994 https://access.redhat.com/errata/RHSA-2021:4994

Comment 40 errata-xmlrpc 2021-12-08 07:40:04 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2021:5006 https://access.redhat.com/errata/RHSA-2021:5006

Comment 42 errata-xmlrpc 2021-12-08 18:28:54 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:5035 https://access.redhat.com/errata/RHSA-2021:5035

Comment 44 Product Security DevOps Team 2021-12-08 19:34:15 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-43527

