
Rewterz Threat Advisory – CVE-2021-43527 – Mozilla Network Security Services

Severity

Medium

Analysis Summary

CVE-2021-43527 

Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a heap-based buffer overflow caused by improper bounds checking when handling DER-encoded DSA or RSA-PSS signatures. By sending an overly long signature, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
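The bug class described above, shown as an added example (this is not NSS source code and not part of the original advisory): a C decoder that converts a DER-encoded DSA signature into a fixed-size raw buffer and rejects any value that does not fit. The function names, RAW_CAP, the short-form-only length handling, and the sample signatures are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAW_CAP 64 /* assumed fixed buffer: raw r||s for a 256-bit subprime */
/* Copy one non-negative DER INTEGER, right-aligned, into out[0..out_len).
 * Returns bytes consumed from p, or 0 on any malformed or oversized input. */
static size_t read_der_int(const uint8_t *p, size_t avail,
                           uint8_t *out, size_t out_len)
{
    if (avail < 2 || p[0] != 0x02 || (p[1] & 0x80)) return 0; /* short form only */
    size_t len = p[1];
    if (len == 0 || len > avail - 2 || (p[2] & 0x80)) return 0; /* in bounds, >= 0 */
    const uint8_t *v = p + 2;
    size_t vlen = len;
    while (vlen > 1 && v[0] == 0x00) { v++; vlen--; } /* drop sign padding */
    if (vlen > out_len) return 0; /* the bounds check an overflow would lack */
    memset(out, 0, out_len - vlen);
    memcpy(out + (out_len - vlen), v, vlen);
    return 2 + len;
}

/* Decode SEQUENCE { INTEGER r, INTEGER s } into raw r||s (2 * q_len bytes).
 * Returns 0 on success, -1 if the input is malformed or does not fit. */
int decode_dsa_sig(const uint8_t *der, size_t der_len,
                   uint8_t *raw, size_t raw_cap, size_t q_len)
{
    if (q_len == 0 || q_len > raw_cap / 2) return -1; /* 2*q_len must fit raw */
    if (der_len < 2 || der[0] != 0x30 || (der[1] & 0x80) ||
        (size_t)der[1] != der_len - 2) return -1;
    size_t n = read_der_int(der + 2, der_len - 2, raw, q_len);
    if (n == 0) return -1;
    size_t m = read_der_int(der + 2 + n, der_len - 2 - n, raw + q_len, q_len);
    return (m != 0 && 2 + n + m == der_len) ? 0 : -1; /* no trailing bytes */
}

/* Constructed samples (q_len = 4): a well-formed signature and an overly long r. */
static const uint8_t SIG_OK[]  = {0x30,0x0D, 0x02,0x04,1,2,3,4, 0x02,0x05,0,0x80,1,2,3};
static const uint8_t SIG_BIG[] = {0x30,0x0E, 0x02,0x09,1,2,3,4,5,6,7,8,9, 0x02,0x01,1};

int main(void)
{
    uint8_t raw[RAW_CAP];
    int ok = decode_dsa_sig(SIG_OK, sizeof SIG_OK, raw, sizeof raw, 4);
    int big = decode_dsa_sig(SIG_BIG, sizeof SIG_BIG, raw, sizeof raw, 4);
    printf("well-formed: %d, oversized r: %d\n", ok, big);
    return 0;
}
```

The length of each value is checked against the destination size before any copy, so an overly long signature is rejected instead of being written past the end of the buffer.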

Impact

  • Buffer Overflow

Affected Vendors

Mozilla

Affected Products

  • Mozilla NSS 3.66

Remediation

Refer to the Mozilla Security Advisory for patch, upgrade, or suggested workaround information.

https://seclists.org/oss-sec/2021/q4/138