OpenSSL 1.1.1 < 1.1.1l Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1l. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1l advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data...

UBUNTU-CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

OESA-2021-1320 nettle security update

Nettle is a cryptographic library designed to fit any context in crypto toolkits for object-oriented languages, in applications like LSH or GnuPG, or even in kernel space. Security Fixes: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attack...

REW-sploit - Emulate And Dissect MSF And *Other* Attacks

REW-sploit The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.htmlrew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploitdocs Need help in analyzing Windows shellco...

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

...

Kaseya’s ‘Master Key’ to REvil Attack Leaked Online

Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, while the key may be interesting to security researchers, it’s not likely to be of use to any of...

AZL-6741 CVE-2021-3580 affecting package nettle for versions less than 3.7.3-1

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

DEBIAN-CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

Denial of service

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVE-2021-25444

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process...

Design/Logic Flaw

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process...

CVE-2021-25444

CVE-2021-25444 is a vulnerability in Samsung’s Keymaster Trusted Application (TA) running in the ARM TrustZone Secure World. The issue is an IV reuse flaw in the Keymaster TA that decrypts custom key blobs, enabling a privileged process to access hardware-backed keys. Affected devices include Sam...

CVE-2021-25444

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process...

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVE-2021-3580

CVE-2021-3580 describes a flaw in nettle’s RSA decryption that allows specially crafted ciphertext to cause remote crashes and DoS. The connected advisories confirm affected nettle deployments and provide remediation guidance: upgrading nettle to a fixed version resolves the issue. For Debian, fi...