Astra Linux – Vulnerability in Nettle

A flaw was discovered in Nettle versions prior to 3.7.2. In these versions, several Nettle signature verification functions—GOST DSA, EDDSA, and ECDSA—result in the Elliptic Curve Cryptography point ECC’s multiply function being called with out-of-range scalers. This may lead to incorrect results...

JLSEC-2026-575

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

JLSEC-2026-576

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

JLSEC-2026-522

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances...

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016652 advisory. A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated cipherte...

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016616)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016616 advisory. A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve...

Astra Linux – Vulnerability in Nettle

A flaw was discovered in the way Nettle’s RSA decryption functions handled specially crafted ciphertext. An attacker could exploit this flaw to deliver manipulated ciphertext, resulting in application crashes and denial of service...

CLSA-2026-1777452099 nettle: Fix of CVE-2021-3580

CVE-2021-3580: add input validation to RSA decrypt family and length check to pkcs1secdecrypt...

CLSA-2026-1777451834 nettle: Fix of CVE-2021-3580

CVE-2021-3580: add input validation to RSA decrypt family and length check to pkcs1secdecrypt...

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.6-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libarchive: fix incompatibility with...

ROS-20260310-73-0040

A vulnerability in the signature verification functions GOST DSA, EDDSA and ECDSA of the Nettle library is related to flaws in the cryptographic algorithms used. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by entering an invalid signature...

MiracleLinux 8 : gnutls-3.6.14-8.el8, nettle-3.4.1-4.el8 (AXSA:2021-1688:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1688:01 advisory. nettle: Out of bounds memory access in signature verification CVE-2021-20305 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : gnutls-3.7.6-12.el9, nettle-3.8-3.el9 (AXSA:2022-4094:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4094:01 advisory. gnutls: Double free during gnutlspkcs7verify. CVE-2022-2509 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : gnutls-3.6.16-4.el8, nettle-3.4.1-7.el8 (AXSA:2021-2630:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2630:02 advisory. nettle: Remote crash in RSA decryption via manipulated ciphertext CVE-2021-3580 gnutls: Use after free in client keyshare extension CVE-2021-20231...

MiracleLinux 7 : nettle-2.7.1-9.el7 (AXSA:2021-1651:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1651:01 advisory. nettle: Out of bounds memory access in signature verification CVE-2021-20305 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : nettle-2.7.1-8.el7 (AXSA:2016-1108:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1108:01 advisory. Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages C ,...

MiracleLinux 7 : nettle-2.7.1-9.0.1.el7.AXS7 (AXSA:2025-10914:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10914:02 advisory. Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages C++, Python,...

[slackware-security] gnutls

New gnutls packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gnutls-3.8.11-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: libgnutls: Fix stack overwrite in...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2021-20305)

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

Fedora: Security Advisory (FEDORA-2025-246cd08b09)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...