CVSS3 : 7.5 High
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2 : 5 Medium
Access Vector : NETWORK
Access Complexity : LOW
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS : 0.007 Low
Percentile : 80.7%

Severity: Medium
Date : 2021-06-09
CVE-ID : CVE-2021-3580
Package : nettle
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-2052
The package nettle before version 3.7.3-1 is vulnerable to denial of
service.
Upgrade to 3.7.3-1.
The problem has been fixed upstream in version 3.7.3.
Workaround : None.
Multiple issues were found with Nettle’s RSA decryption functions
before version 3.7.3. These can be triggered by providing manipulated
ciphertext and could lead to application crash and denial of service.
Since Nettle is used with GnuTLS, there is a possibility that a remote
client could crash a server compiled with GnuTLS when RSA is used for
the initial key exchange.
A remote attacker could crash an application using Nettle with a
crafted RSA ciphertext.
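A check to run after applying the upgrade, given here as an added example that is not part of the advisory: it compares the installed nettle package against the fixed version 3.7.3-1 and lists processes (for instance GnuTLS-based servers) that still map the pre-upgrade libnettle and need a restart. The function names and the `--scan` switch are hypothetical; the `sort -V` fallback assumes a version string without an epoch.

```shell
#!/bin/sh
# Added example; package name and fixed version are taken from the advisory.
FIXED="3.7.3-1"

# Return 0 if the given Arch package version is >= the fixed version.
# Uses pacman's vercmp when present, otherwise GNU sort -V
# (assumption: no epoch in the version string, which holds for nettle).
nettle_pkg_fixed() {
    ver=$1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$ver" "$FIXED")" -ge 0 ]
    else
        lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
        [ "$lowest" = "$FIXED" ]
    fi
}

# Return 0 if a /proc/<pid>/maps file contains a libnettle mapping whose
# backing file was replaced on disk, e.g. (constructed line):
#   7f2a... r-xp 00000000 08:01 1234   /usr/lib/libnettle.so.8.3 (deleted)
# Such a process keeps running the old code until it is restarted.
stale_nettle_in_maps() {
    grep -Eq '/libnettle\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print the PIDs that still map a replaced libnettle (run as root to see all).
scan_stale_pids() {
    for maps in /proc/[0-9]*/maps; do
        if stale_nettle_in_maps "$maps"; then
            pid=${maps#/proc/}
            echo "${pid%/maps}"
        fi
    done
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "--scan" ]; then
    installed=$(pacman -Q nettle | awk '{print $2}')
    nettle_pkg_fixed "$installed" ||
        echo "nettle $installed is below $FIXED: upgrade required"
    scan_stale_pids
fi
```
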
https://bugzilla.redhat.com/show_bug.cgi?id=1967983
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
https://security.archlinux.org/CVE-2021-3580