CVE-2021-43527 (CNNVD-202112-002)
中文标题:
Mozilla Network Security Services 缓冲区错误漏洞
英文标题:
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overfl...
漏洞描述
中文描述:
Mozilla Network Security Services(NSS)是美国Mozilla基金会的一个函数库(网络安全服务库)。该产品可跨平台提供SSL、S/MIME和其他Internet安全标准支持。 Mozilla Network Security Services(NSS)中的 verifies certificates 存在缓冲区错误漏洞,该漏洞源于在NSS验证证书的方式中存在缺陷。攻击者可通过使用NSS编译的客户端应用程序发起SSL TLS连接来触发漏洞。
英文描述:
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Mozilla | NSS | - | < 3.73 | - |
cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
|
| mozilla | nss | * | - | - |
cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*
|
| mozilla | nss_esr | * | - | - |
cpe:2.3:a:mozilla:nss_esr:*:*:*:*:*:*:*:*
|
| netapp | cloud_backup | - | - | - |
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_os_controller | * | - | - |
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_binding_support_function | 1.11.0 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_network_repository_function | 1.15.0 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_network_repository_function | 1.15.1 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.8.0 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
|
| oracle | communications_policy_management | 12.6.0.0.0 | - | - |
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
|
| starwindsoftware | starwind_san_\&_nas | v8r13 | - | - |
cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r13:*:*:*:*:*:*:*
|
| starwindsoftware | starwind_virtual_san | v8r13 | - | - |
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-43527 |
2025-11-11 15:21:08 | 2025-11-11 07:37:05 |
| NVD | nvd_CVE-2021-43527 |
2025-11-11 14:57:46 | 2025-11-11 07:45:23 |
| CNNVD | cnnvd_CNNVD-202112-002 |
2025-11-11 15:10:46 | 2025-11-11 07:57:01 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 缓冲区错误
- cnnvd_id: 未提取 -> CNNVD-202112-002
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 2 -> 12
- data_sources: ['cve'] -> ['cve', 'nvd']