4 matches found
CVE-2021-43527
CVE-2021-43527 describes a heap overflow in NSS when handling DER-encoded DSA or RSA-PSS signatures. The vulnerability affects NSS versions prior to 3.73 (and 3.68.1 ESR for some configurations) and can impact applications using NSS for signatures in CMS, S/MIME, PKCS#7, or PKCS#12, as well as th...
CVE-2020-12403
CVE-2020-12403 affects NSS where the CHACHA20-POLY1305 implementation for multi-part ChaCha20 could trigger out-of-bounds reads in versions prior to 3.55. The fix disables multi-part ChaCha20 (which was malfunctioning) and enforces the ChaCha20-Poly1305 tag length, reducing confidentiality and av...
CVE-2023-4421
CVE-2023-4421 concerns the NSS library’s handling of PKCS#1 v1.5 padding, where timing side-channel leakage exposed information about padding validity and message length. This could enable Bleichenbacher-like attacks, allowing an attacker to decrypt previously intercepted PKCS#1 v1.5 ciphertext (...
CVE-2016-5285
CVE-2016-5285 is a NULL pointer dereference in Mozilla NSS caused by a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime. The vulnerability can allow a remote attacker to crash a TLS/SSL server (Denial of Service). Affected context in the provided documents includes NS...