PT-2021-5576 · Mozilla · Thunderbird
Author: Yaoguang Chen · Published 2021-12-01 · Updated 2025-07-16
CVE-2021-43527
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
NSS versions prior to 3.73 or 3.68.1 ESR
Description
The issue is a heap buffer overflow in NSS when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to process signatures embedded in CMS, S/MIME, PKCS #7, or PKCS #12 data are likely to be affected. Email clients and PDF viewers that rely on NSS for signature verification, such as Thunderbird, LibreOffice, Evolution, and Evince, are believed to be affected. A remote attacker may be able to exploit the vulnerability to execute arbitrary code.
Recommendations
For NSS versions prior to 3.73 or 3.68.1 ESR, update to version 3.73 or 3.68.1 ESR or later to resolve the issue. As a temporary workaround, consider disabling the use of DER-encoded DSA or RSA-PSS signatures until a patched version is deployed. Restrict access to vulnerable applications, such as email clients and PDF viewers, to reduce the risk of exploitation.
Fix
Weakness type:
- Heap Based Buffer Overflow
- Memory Corruption
Affected Products
- ALT Linux
- AlmaLinux
- Astra Linux
- CentOS
- Evince
- Evolution
- LibreOffice
- Linux Mint
- NSS
- Red Hat
- Rocky Linux
- SUSE
- Thunderbird
- Ubuntu