8 matches found
CVE-2021-20305
CVE-2021-20305 affects Nettle prior to 3.7.2 where signature verification (GOST DSA, EDDSA, ECDSA) calls ECC multiply with out-of-range scalars, potentially producing incorrect results and allowing an attacker to force an invalid signature (leading to assertion failure or validation issues). Docu...
CVE-2021-3580
CVE-2021-3580 describes a flaw in nettle’s RSA decryption that allows specially crafted ciphertext to cause remote crashes and DoS. The connected advisories confirm affected nettle deployments and provide remediation guidance: upgrading nettle to a fixed version resolves the issue. For Debian, fi...
CVE-2018-16869
CVE-2018-16869 is a Bleichenbacher-type side-channel padding oracle vulnerability in the nettle cryptographic library, caused by how nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data. Exploitation could allow an attacker on the same physical core to extract plaintext or, in some ...
CVE-2016-6489
Summary of the issue: The nettle cryptographic library contains a cache-related side-channel flaw in its RSA and DSA decryption code that could allow a remote attacker to recover a private key from a co-located VM. This vulnerability is referenced across multiple advisories (CVE-2016-6489). What ...
CVE-2015-8805
Summary. The CVE-2015-8805 issue affects the nettle cryptographic library prior to version 3.2. The vulnerability is in the elliptic-curve implementation for P-256: the ecc_256_modq function in ecc-256.c does not properly handle carry propagation, producing incorrect output. This is documented al...
CVE-2015-8803
CVE-2015-8803 affects the nettle library: the ecc_256_modp implementation for P-256 may propagate carries incorrectly in nettle before version 3.2, producing incorrect output and potentially allowing unspecified impact. Multiple Nessus reports and advisories (MiracleLinux AXSA-2016-1108, EulerOS ...
CVE-2015-8804
CVE-2015-8804 affects the nettle cryptographic library (P-384 path) in x86_64 ECC, where the ecc-384-modp.asm implementation mishandles carry propagation, producing incorrect output and enabling unspecified impact via unknown vectors. Affected product/version: nettle prior to 3.2. The CVE is disc...
CVE-2023-36660
The CVE-2023-36660 vulnerability affects Nettle’s OCB feature in libnettle, with memory corruption possible in Nettle 3.9 before 3.9.1. Affected component: libnettle (OCB) within the Nettle 3.9.x series. Root cause: memory corruption due to OCB implementation in libnettle; exploit details are not...