PT-2021-23859 · Mozilla+5 · Thunderbird+5

Tavis Ormandy

Published

2021-11-03

Updated

2025-03-19

CVE-2021-43529

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 91.3.0

Description The issue is related to a heap overflow when processing S/MIME messages, specifically those containing certificates with DER-encoded DSA or RSA-PSS signatures.

Recommendations For Thunderbird versions prior to 91.3.0, update to version 91.3.0 or later to resolve the issue.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2021-3226

ALT-PU-2021-3259

ALT-PU-2021-3370

ALT-PU-2022-1783

CESA-2021_4130

CESA-2021_4134

CVE-2021-43529

DLA-2874-1

DSA-5034-1

RHSA-2021:4130

RHSA-2021:4132

RHSA-2021:4133

RHSA-2021:4134

RHSA-2021_4130

RHSA-2021_4134

RLSA-2021:4130

Affected Products

Alt Linux

Astra Linux

Centos

Red Hat

Rocky Linux

Thunderbird

PT-2021-23859 · Mozilla+5 · Thunderbird+5

CVE-2021-43529

Weakness Enumeration

Related Identifiers

Affected Products

References · 28