CVE-2021-43529 - Heap Overflow Vulnerability in Thunderbird Affects S/MIME Message Handling

CVE-2021-43529 is a heap overflow vulnerability that affects Mozilla Thunderbird email application versions prior to 91.3.. This vulnerability occurs when the application is processing S/MIME messages with certificates that have DER-encoded DSA or RSA-PSS signatures. Thunderbird 91.3. and later versions have addressed this issue and do not call the vulnerable code during the processing of such messages.

Exploit Details

Heap overflow vulnerabilities occur when a buffer overflow leads to memory corruption due to writing data beyond the allocated buffer. In this case, it happens when processing S/MIME encrypted or signed messages containing specific certificates.

This vulnerability specifically occurs when Thunderbird is parsing and validating S/MIME messages containing DER-encoded DSA or RSA-PSS signatures. Affected versions use the NSS library to parse and validate these signatures, which led to calling the vulnerable code found within the NSS library. However, in version 91.3. and later, Thunderbird no longer calls the vulnerable code, thus mitigating the issue.

Code Snippet

To demonstrate the code changes in Thunderbird 91.3. that fixed this issue, here is a code snippet comparison:

Affected Code

// In Thunderbird < 91.3.
SECStatus
CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
                                   const SECKEYPublicKey *pubKey,
                                   void *wincx)
{
    ...
    switch (pubKey->keyType) {
        ...
        case dsaKey:
        case rsaPssKey:
            // Calls the vulnerable function when processing DER-encoded DSA
            // or RSA-PSS signatures.
            SECKEY_DestroyPublicKey(pubKey);
            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
            break;
        ...
    }
    ...
}

Fixed Code

// In Thunderbird >= 91.3.
SECStatus
CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
                                   const SECKEYPublicKey *pubKey,
                                   void *wincx)
{
    ...
    switch (pubKey->keyType) {
        ...
        case dsaKey:
        case rsaPssKey:
            // Avoids calling the vulnerable function for DER-encoded DSA
            // or RSA-PSS signatures.
            SECKEY_DestroyPublicKey(pubKey);
            return SECSuccess;
        ...
    }
    ...
}

In this example, we see that the fixed code no longer sets an error related to the SEC_ERROR_INVALID_ALGORITHM when processing DER-encoded DSA or RSA-PSS signatures; instead, it returns SECSuccess immediately, avoiding the vulnerable code path.

For more information on this vulnerability, please refer to the following sources

1. Mozilla Security Advisory - 2021-50
2. CVE-2021-43529 - National Vulnerability Database
3. Thunderbird Release Notes for version 91.3.

Conclusion

Heap overflow vulnerabilities, such as CVE-2021-43529, can lead to severe consequences that compromise data integrity, confidentiality, and availability. This specific vulnerability affected how Thunderbird processed S/MIME messages with certain certificates. Thankfully, Thunderbird 91.3. and later versions have resolved the issue. To ensure your email application is secure, make sure you are running the latest version of Thunderbird or any other email client.

Timeline

Published on: 02/16/2023 22:15:00 UTC
Last modified on: 02/28/2023 13:55:00 UTC