3 matches found
Advisory ROSA-SA-2024-2438
Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with CCreateObject and when CDeriveKey is use...
CVE-2021-3798 affecting package opencryptoki for versions less than 3.17.0-1
CVE-2021-3798 affecting package opencryptoki for versions less than 3.17.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-3798
CVE-2021-3798 concerns a flaw in openCryptoki where the Soft token fails to validate EC keys created via C_CreateObject or derived with C_DeriveKey using ECDH public data. The underling issue allows a malicious user to extract the private key through an invalid-curve attack. Multiple connected so...