Lucene search

K
cvelistMozillaCVELIST:CVE-2021-43529
HistoryFeb 16, 2023 - 12:00 a.m.

CVE-2021-43529

2023-02-1600:00:00
mozilla
www.cve.org
thunderbird
s/mime
heap overflow
cve-2021-43527
der-encoded
dsa
rsa-pss

9.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures.

CNA Affected

[
  {
    "vendor": "Mozilla",
    "product": "Thunderbird",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "91.3.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]