5 matches found

Rosalinux
added 2025/02/15 10:9 p.m., 3 views

Advisory ROSA-SA-2025-2685

Software: nettle 3.4.1; OS: ROSA Virtualization 3.0; packageevrstring: nettle-3.4.1-7; CVE-ID: CVE-2021-20305; BDU-ID: 2021-02748; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the signature verification functions GOST DSA, EDDSA, and ECDSA of the Nettle library is related to flaws in the cryptographic...

8.1 CVSS, 7.9 AI score, 0.01607 EPSS
Exploits: 0
Code423n4
added 2022/08/03 12:0 a.m., 10 views

DOS on valid signatures

Lines of code. Vulnerability details. Impact: It was observed that signature matching can fail due to incorrect updating of operatorIndex. Each loop iteration should reset operatorIndex, but this is not happening, causing matches to be skipped, as shown in the POC. Proof of Concept: 1. Assume...

6.6 AI score
Exploits: 0
AlpineLinux
added 2021/04/05 9:31 p.m., 42 views

CVE-2021-20305

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allow...

8.1 CVSS, 7.1 AI score, 0.01607 EPSS
Exploits: 0
Github Security Blog
added 2020/01/24 9:27 p.m., 57 views

Incorrect signature verification in SimpleSAMLphp

Background: An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation. Description: The SimpleSAMLXMLValidator class allows the verification of the XML digital signature of a SAML 1...

6.3 CVSS, 0.7 AI score, 0.01188 EPSS
Exploits: 0, References: 7, Affected Software: 1
OpenVAS
added 2009/03/02 12:0 a.m., 22 views

Mandrake Security Advisory MDVSA-2009:048-2 (epiphany)

The remote host is missing an update to epiphany announced via advisory MDVSA-2009:048-2. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

6.9 CVSS, 6.4 AI score, 0.00374 EPSS
Exploits: 1, References: 1