logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2015-8805

Description

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. #### Bugs * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813679> #### Notes Author| Note ---|--- [mdeslaur](<https://launchpad.net/~mdeslaur>) | same patch as CVE-2015-8803


Affected Package


OS OS Version Package Name Package Version
ubuntu 14.04 nettle 2.7.1-1ubuntu0.1
ubuntu upstream nettle 3.2
ubuntu 15.10 nettle 3.1.1-4ubuntu0.1

Related