Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580). A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation (CVE-2021-20305). The Mageia 8 nettle package has been updated to version 3.7.3 and the Mageia 7 nettle package has been patched to fix these issues.

OSVersionArchitecturePackageVersionFilename
Mageia7noarchnettle< 3.4.1-1.1nettle-3.4.1-1.1.mga7
Mageia8noarchnettle< 3.7.3-1nettle-3.7.3-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	nettle	< 3.4.1-1.1	nettle-3.4.1-1.1.mga7
Mageia	8	noarch	nettle	< 3.7.3-1	nettle-3.7.3-1.mga8

References

bugs.mageia.org/show_bug.cgi?id=28800

lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html

lists.lysator.liu.se/pipermail/nettle-bugs/2021/009545.html

ubuntu.com/security/notices/USN-4906-1

ubuntu.com/security/notices/USN-4990-1

osv 9

nessus 68

debian 3

openvas 29

prion 2

redos 9

cvelist 2

redhat 16

ubuntucve 2

f5 1

oraclelinux 4

alpinelinux 2

fedora 1

altlinux 2

debiancve 2

cloudfoundry 2

veracode 2

almalinux 2

suse 3

amazon 1

redhatcve 2

rocky 2

cve 2

ubuntu 2

slackware 1

cbl_mariner 3

centos 1

photon 15

gentoo 2

archlinux 1

rosalinux 1

ibm 5

osv

nettle - security update

2021-09-18 00:00:00

nettle - security update

2021-06-18 00:00:00

nettle vulnerability

2021-04-13 15:00:11

nessus

Debian DSA-4933-1 : nettle - security update

2021-06-21 00:00:00

EulerOS Virtualization 2.9.0 : nettle (EulerOS-SA-2021-2786)

2021-11-17 00:00:00

EulerOS Virtualization 3.0.6.0 : nettle (EulerOS-SA-2022-1084)

2022-02-13 00:00:00

debian

[SECURITY] [DSA 4933-1] nettle security update

2021-06-18 18:58:09

[SECURITY] [DSA 4933-1] nettle security update

2021-06-18 18:58:26

[SECURITY] [DLA 2760-1] nettle security update

2021-09-18 14:46:56

openvas

Mageia: Security Advisory (MGASA-2021-0300)

2022-01-28 00:00:00

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2021-2734)

2021-11-17 00:00:00

Debian: Security Advisory (DSA-4933-1)

2021-06-19 00:00:00

prion

Design/Logic Flaw

2021-04-05 22:15:00

Denial of service

2021-08-05 21:15:00

redos

ROS-2-583

2021-09-08 00:00:00

ROS-2-500

2021-09-08 00:00:00

ROS-2-619

2021-09-08 00:00:00

cvelist

CVE-2021-20305

2021-04-05 21:31:06

CVE-2021-3580

2021-08-05 00:00:00

redhat

(RHSA-2021:2356) Important: nettle security update

2021-06-09 08:30:05

(RHSA-2021:1245) Important: gnutls and nettle security update

2021-04-19 11:26:49

(RHSA-2021:1246) Important: gnutls and nettle security update

2021-04-19 11:27:37

ubuntucve

CVE-2021-20305

2021-04-05 00:00:00

CVE-2021-3580

2021-06-10 00:00:00

K33101555 : Nettle cryptography library vulnerability CVE-2021-20305

2021-06-08 00:00:00

oraclelinux

gnutls and nettle security update

2021-04-16 00:00:00

nettle security update

2021-04-09 00:00:00

gnutls security update

2022-03-17 00:00:00

alpinelinux

CVE-2021-20305

2021-04-05 22:15:00

CVE-2021-3580

2021-08-05 21:15:00

fedora

[SECURITY] Fedora 33 Update: gnutls-3.6.16-1.fc33

2021-06-01 01:06:08

altlinux

Security fix for the ALT Linux 10 package gnutls30 version 3.6.16-alt1

2021-05-31 00:00:00

Security fix for the ALT Linux 9 package gnutls30 version 3.6.16-alt1

2021-06-09 00:00:00

debiancve

CVE-2021-20305

2021-04-05 22:15:00

CVE-2021-3580

2021-08-05 21:15:00

cloudfoundry

USN-4906-1: Nettle vulnerability | Cloud Foundry

2021-04-29 00:00:00

USN-4990-1: Nettle vulnerabilities | Cloud Foundry

2021-07-08 00:00:00

veracode

Incorrect Signature Verification

2021-04-17 00:58:26

Denial Of Service (DoS)

2021-09-18 03:57:04

almalinux

Important: gnutls and nettle security update

2021-04-14 20:07:45

Moderate: gnutls and nettle security, bug fix, and enhancement update

2021-11-09 09:23:20

suse

Security update for libnettle (important)

2021-05-01 00:00:00

Security update for libnettle (important)

2021-07-11 00:00:00

Security update for libnettle (important)

2021-06-24 00:00:00

amazon

Important: nettle

2021-04-20 17:55:00

redhatcve

CVE-2021-20305

2021-03-31 17:08:42

CVE-2021-3580

2021-06-08 11:48:53

rocky

gnutls and nettle security update

2021-04-14 20:07:45

gnutls and nettle security, bug fix, and enhancement update

2021-11-09 09:23:20

cve

CVE-2021-20305

2021-04-05 22:15:00

CVE-2021-3580

2021-08-05 21:15:00

ubuntu

Nettle vulnerability

2021-04-13 00:00:00

Nettle vulnerabilities

2021-06-17 00:00:00

slackware

[slackware-security] gnutls

2021-05-25 18:17:19

cbl_mariner

CVE-2021-20305 affecting package nettle 3.4.1-2

2021-05-06 23:56:43

CVE-2021-3580 affecting package nettle for versions less than 3.7.3-1

2022-04-09 06:51:55

CVE-2021-3580 affecting package nettle 3.7.2-1

2021-09-09 15:02:55

centos

nettle security update

2021-04-16 20:23:43

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0339

2021-04-21 00:00:00

Important Photon OS Security Update - PHSA-2021-0286

2021-08-19 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0380

2021-08-19 00:00:00

gentoo

Nettle: Denial of service

2021-05-26 00:00:00

Nettle: Denial of Service

2024-01-16 00:00:00

archlinux

[ASA-202106-28] nettle: denial of service

2021-06-09 00:00:00

rosalinux

Advisory ROSA-SA-2021-1930

2021-07-02 17:33:14

ibm

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-25648, CVE-2021-31535, CVE-2021-20305, CVE-2020-25692)

2021-11-08 03:57:51

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from gzip, jackson-databind, libssh, gnutls, nettle and zlib

2022-05-25 14:55:17

Security Bulletin: Multiple vulnerabilites affect IBM Jazz Foundation and IBM Engineering products.

2021-07-16 17:54:43

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for MGASA-2021-0300