CVE-2021-43527 Overview
CVE-2021-43527 is a critical heap overflow vulnerability in Mozilla Network Security Services (NSS) that affects versions prior to 3.73 and 3.68.1 ESR. The vulnerability occurs when handling DER-encoded DSA or RSA-PSS signatures, allowing remote attackers to potentially achieve arbitrary code execution or cause denial of service conditions.
Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Additionally, applications using NSS for certificate validation or other TLS, X.509, OCSP, or CRL functionality may be affected depending on their NSS configuration. Importantly, this vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution, and Evince are believed to be impacted.
Critical Impact
This heap overflow vulnerability can be exploited remotely without authentication, potentially allowing attackers to execute arbitrary code or crash applications that process maliciously crafted digital signatures.
Affected Products
- Mozilla NSS (versions prior to 3.73)
- Mozilla NSS ESR (versions prior to 3.68.1)
- NetApp Cloud Backup
- NetApp E-Series SANtricity OS Controller
- Oracle Communications Cloud Native Core Binding Support Function 1.11.0
- Oracle Communications Cloud Native Core Network Repository Function 1.15.0/1.15.1
- Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
- Oracle Communications Policy Management 12.6.0.0.0
- StarWind SAN & NAS v8r13
- StarWind Virtual SAN v8r13
Discovery Timeline
- 2021-12-08 - CVE-2021-43527 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2021-43527
Vulnerability Analysis
This vulnerability is classified as CWE-787 (Out-of-bounds Write), specifically manifesting as a heap overflow condition. The flaw exists in the signature verification code path within NSS when processing DER-encoded DSA or RSA-PSS signatures.
The vulnerability can be exploited remotely over the network without requiring authentication or user interaction. When a vulnerable application processes a maliciously crafted signature, the heap overflow can corrupt adjacent memory structures, potentially leading to arbitrary code execution with the privileges of the affected application.
The attack surface is significant as NSS is a widely-deployed cryptographic library used by numerous applications for handling secure communications and signature verification. Applications that process email signatures (S/MIME), signed documents (PKCS #7), or certificate bundles (PKCS #12) are particularly at risk.
Root Cause
The root cause is improper bounds checking in the NSS library when parsing DER-encoded signature data. The vulnerability occurs during the decoding and verification of DSA or RSA-PSS signatures, where insufficient validation of signature length fields allows an attacker to trigger a heap buffer overflow condition. The heap overflow results from the library writing beyond the allocated buffer boundaries when processing specially crafted signature structures.
Attack Vector
The attack vector is network-based, requiring an attacker to deliver a maliciously crafted signature to a vulnerable application. Exploitation scenarios include:
- Sending a malicious S/MIME signed email to a vulnerable email client (e.g., Thunderbird, Evolution)
- Providing a malicious certificate during TLS handshake to applications using NSS for certificate validation
- Delivering a PDF document with a malformed digital signature to a vulnerable PDF viewer (e.g., Evince)
- Processing malicious PKCS #7 or PKCS #12 containers through vulnerable applications
The vulnerability is triggered when the target application attempts to verify the malicious signature, causing the heap overflow during the DER decoding process. Since no user interaction beyond opening the malicious content is required, and no authentication is needed, this vulnerability poses a severe risk to affected systems.
Detection Methods for CVE-2021-43527
Indicators of Compromise
- Unexpected crashes in applications using NSS for signature verification (Thunderbird, Evolution, Evince, LibreOffice)
- Abnormal heap allocation patterns or memory corruption errors in NSS-dependent processes
- Core dumps or crash reports indicating heap corruption in libnss3.so or related NSS libraries
- Suspicious network traffic containing malformed signatures or certificates
Detection Strategies
- Monitor system logs for application crashes related to NSS library components
- Implement network-based intrusion detection signatures for malformed DER-encoded signatures
- Deploy endpoint detection rules to identify exploitation attempts targeting signature verification functions
- Use memory corruption detection tools to identify heap overflow attempts in real-time
Monitoring Recommendations
- Enable verbose logging for email clients and PDF viewers to capture signature verification failures
- Implement application crash monitoring for NSS-dependent applications across the enterprise
- Deploy network traffic analysis to identify suspicious certificate or signature exchanges
- Configure security information and event management (SIEM) alerts for patterns consistent with signature-based attacks
How to Mitigate CVE-2021-43527
Immediate Actions Required
- Update Mozilla NSS to version 3.73 or 3.68.1 ESR immediately on all affected systems
- Identify all applications and systems utilizing NSS for cryptographic operations
- Prioritize patching internet-facing systems and email infrastructure
- Review vendor advisories from Oracle, NetApp, and StarWind for product-specific updates
Patch Information
Mozilla has released patched versions of NSS that address this vulnerability:
- NSS 3.73 - Available from Mozilla NSS Release 3.73
- NSS 3.68.1 ESR - Available from Mozilla NSS Release 3.68.1
For detailed information about the vulnerability and fix, refer to:
Additional vendor-specific patches are available from:
- Oracle CPU April 2022 Security Alert
- NetApp Security Advisory NTAP-20211229-0002
- StarWind Security Advisory SW-20220802-0001
- Siemens Security Certificate SSA-594438
Workarounds
- Restrict processing of email attachments with digital signatures until patches can be applied
- Disable S/MIME signature verification functionality in email clients if not business-critical
- Implement network-level filtering to block potentially malicious signed content
- Consider application sandboxing for vulnerable applications to limit impact of exploitation
# Check installed NSS version on Linux systems
rpm -qa | grep nss
dpkg -l | grep libnss
# Update NSS on Debian/Ubuntu systems
sudo apt-get update
sudo apt-get install libnss3
# Update NSS on RHEL/CentOS systems
sudo yum update nss
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
