Lucene search
K
Nettle ProjectNettle

8 matches found

CVE
CVE
added 2021/04/05 9:31 p.m.654 views

CVE-2021-20305

CVE-2021-20305 affects Nettle prior to 3.7.2 where signature verification (GOST DSA, EDDSA, ECDSA) calls ECC multiply with out-of-range scalars, potentially producing incorrect results and allowing an attacker to force an invalid signature (leading to assertion failure or validation issues). Docu...

8.1CVSS6.7AI score0.01607EPSS
CVE
CVE
added 2021/08/05 12:0 a.m.373 views

CVE-2021-3580

CVE-2021-3580 describes a flaw in nettle’s RSA decryption that allows specially crafted ciphertext to cause remote crashes and DoS. The connected advisories confirm affected nettle deployments and provide remediation guidance: upgrading nettle to a fixed version resolves the issue. For Debian, fi...

7.5CVSS7.3AI score0.02686EPSS
CVE
CVE
added 2018/12/03 2:0 p.m.175 views

CVE-2018-16869

CVE-2018-16869 is a Bleichenbacher-type side-channel padding oracle vulnerability in the nettle cryptographic library, caused by how nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data. Exploitation could allow an attacker on the same physical core to extract plaintext or, in some ...

5.7CVSS5.4AI score0.01495EPSS
CVE
CVE
added 2017/04/14 6:0 p.m.149 views

CVE-2016-6489

Summary of the issue: The nettle cryptographic library contains a cache-related side-channel flaw in its RSA and DSA decryption code that could allow a remote attacker to recover a private key from a co-located VM. This vulnerability is referenced across multiple advisories (CVE-2016-6489). What ...

7.5CVSS7.3AI score0.05007EPSS
CVE
CVE
added 2016/02/23 7:0 p.m.88 views

CVE-2015-8805

Summary. The CVE-2015-8805 issue affects the nettle cryptographic library prior to version 3.2. The vulnerability is in the elliptic-curve implementation for P-256: the ecc_256_modq function in ecc-256.c does not properly handle carry propagation, producing incorrect output. This is documented al...

9.8CVSS8.6AI score0.02791EPSS
CVE
CVE
added 2016/02/23 7:0 p.m.85 views

CVE-2015-8803

CVE-2015-8803 affects the nettle library: the ecc_256_modp implementation for P-256 may propagate carries incorrectly in nettle before version 3.2, producing incorrect output and potentially allowing unspecified impact. Multiple Nessus reports and advisories (MiracleLinux AXSA-2016-1108, EulerOS ...

9.8CVSS8.6AI score0.04212EPSS
CVE
CVE
added 2016/02/23 7:0 p.m.81 views

CVE-2015-8804

CVE-2015-8804 affects the nettle cryptographic library (P-384 path) in x86_64 ECC, where the ecc-384-modp.asm implementation mishandles carry propagation, producing incorrect output and enabling unspecified impact via unknown vectors. Affected product/version: nettle prior to 3.2. The CVE is disc...

9.8CVSS8.5AI score0.03947EPSS
CVE
CVE
added 2023/06/25 12:0 a.m.59 views

CVE-2023-36660

The CVE-2023-36660 vulnerability affects Nettle’s OCB feature in libnettle, with memory corruption possible in Nettle 3.9 before 3.9.1. Affected component: libnettle (OCB) within the Nettle 3.9.x series. Root cause: memory corruption due to OCB implementation in libnettle; exploit details are not...

9.8CVSS9.3AI score0.01023EPSS