#1001048 vfychain: segmentation fault when trying to verify signatures signed with large keys

Package: libnss3-tools
Source: nss
Description: Network Security Service tools
Submitter: "David Eccles (gringer)"
Date: 2021-12-03 05:27:03 UTC
Severity: important
#1001048#5
Date: 2021-12-03 05:05:18 UTC
From:
To:
Dear Maintainer,

I've recently noticed a bug in nss that was reported on Google Project Zero:

https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html

The reporter's claim is as follows:

I have tried out their example code on my Debian system, and it results in the reported Segmentation fault. This is interesting, given that the stated fixed version is NSS 3.73.0, and Debian is reporting that 3.73-1 is installed.

#1001048#10
Date: 2021-12-03 05:15:19 UTC
From:
To:
My mistake, sorry. I've noticed after looking at the package versions
that libnss3 is v2:3.68-1, which is not the same as the libnss3-tools
version [i.e. 3.73-1].
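
The mix-up described in the follow-up, reading the libnss3-tools version when the libnss3 version differs, can be checked mechanically. The following is an added example, not part of the original report: it strips the Debian epoch and revision from each package version and compares the result with the fixed version stated above. The function names are hypothetical, and GNU `sort -V` is assumed to be available.

```shell
#!/bin/sh
# Added example. Fixed upstream version as stated in the report (3.73.0),
# written the way the Debian package versions on this page write it.
FIXED_UPSTREAM="3.73"

# Reduce a Debian version string to its upstream part:
# drop the epoch ("2:") and the Debian revision ("-1") when present.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# Succeed when the upstream part is at or above FIXED_UPSTREAM.
# sort -V orders version strings; the fixed version must sort first.
is_fixed() {
    up=$(upstream_version "$1")
    lowest=$(printf '%s\n%s\n' "$up" "$FIXED_UPSTREAM" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_UPSTREAM" ]
}

# Print one line per package: name, full version, verdict.
report() {
    if is_fixed "$2"; then
        state="at or above $FIXED_UPSTREAM"
    else
        state="below $FIXED_UPSTREAM"
    fi
    printf '%-22s %-14s %s\n' "$1" "$2" "$state"
}

# The two versions quoted in the report above.
report libnss3-tools "3.73-1"
report libnss3 "2:3.68-1"

# The same check against the local dpkg database, when one exists.
if command -v dpkg-query >/dev/null 2>&1; then
    for pkg in libnss3 libnss3-tools; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        if [ -n "$ver" ]; then
            report "$pkg (local)" "$ver"
        fi
    done
fi
```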