
CVE-2021-3580 – nettle: Remote crash in RSA decryption via manipulated ciphertext
https://notcve.org/view.php?id=CVE-2021-3580
17 Jun 2021 — A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext, leading to an application crash and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1967983 • CWE-20: Improper Input Validation •

CVE-2021-20305 – nettle: Out of bounds memory access in signature verification
https://notcve.org/view.php?id=CVE-2021-20305
05 Apr 2021 — A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EdDSA and ECDSA) result in the elliptic curve (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possibly causing the invalid signature to validate. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1942533 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-787: Out-of-bounds Write •
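The advisory above describes two things: a point-multiply routine that assumes its scalar is already reduced, and verification code that fed it unreduced values. The following is an added illustration written for this page, not nettle's implementation: a minimal ECDSA over P-256 in Python whose `scalar_mul` asserts its precondition (standing in for the internal assertion the advisory mentions) and whose `verify` validates r and s against [1, N-1] before any arithmetic. With the check disabled, the same function models the two outcomes the advisory names: an invalid s = 0 raises (no inverse exists, the analogue of the assertion failure), and a non-canonical s + N is accepted as a valid signature. The curve constants are the FIPS 186-4 P-256 parameters; the private key, nonce and message are constructed for the demo, and the arithmetic is not constant-time.

```python
import hashlib

# NIST P-256 domain parameters (FIPS 186-4 D.1.2.3).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity


def point_add(p1, p2):
    """Affine addition on P-256, covering doubling and the identity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mul(k, pt):
    """Double-and-add. Like a reduced-scalar multiply routine it requires 0 <= k < N;
    the assertion stands in for the internal assertion the advisory describes.
    Not constant-time; illustration only."""
    assert 0 <= k < N, "scalar out of range"
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def sign(d, z, k):
    """ECDSA signing with a caller-supplied nonce k (demo only; never reuse a nonce)."""
    x, _ = scalar_mul(k, G)
    r = x % N
    s = pow(k, -1, N) * (z + r * d) % N
    assert r != 0 and s != 0
    return (r, s)


def verify(Q, z, sig, check_range=True):
    """ECDSA verification. With check_range=True, r and s must lie in [1, N-1]
    before any arithmetic. With check_range=False the function models the missing
    check: s == 0 raises ValueError, and a non-canonical s + N is accepted."""
    r, s = sig
    if check_range and not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)  # ValueError when s == 0 or s == N: no inverse exists
    u1 = z * w % N
    u2 = r * w % N
    pt = point_add(scalar_mul(u1, G), scalar_mul(u2, Q))
    if pt is INF:
        return False
    return pt[0] % N == r


def message_scalar(msg):
    """z = SHA-256(msg) as an integer (256-bit digest, so no truncation is needed)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


# Constructed sample key and nonce for the demo; not from any real deployment.
SAMPLE_D = 0xc9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721
SAMPLE_K = 0x7a1a7e52797fc8caaa435d2a4dace39158504bf204fbe19f14dbb427faee50ae


def demo():
    """Returns (valid_accepted, noncanonical_rejected, noncanonical_accepted_unchecked,
    zero_s_rejected, zero_s_raises_unchecked)."""
    Q = scalar_mul(SAMPLE_D, G)
    z = message_scalar(b"sample")
    r, s = sign(SAMPLE_D, z, SAMPLE_K)
    valid = verify(Q, z, (r, s))
    noncanon_rejected = not verify(Q, z, (r, s + N))
    noncanon_accepted = verify(Q, z, (r, s + N), check_range=False)
    zero_s_rejected = not verify(Q, z, (r, 0))
    try:
        verify(Q, z, (r, 0), check_range=False)
        zero_s_raises = False
    except ValueError:
        zero_s_raises = True
    return valid, noncanon_rejected, noncanon_accepted, zero_s_rejected, zero_s_raises


if __name__ == "__main__":
    print(demo())  # (True, True, True, True, True)
```

The range check is cheap and belongs before the inverse, not after: once an unreduced scalar reaches a routine that assumes reduction, the failure mode depends on the implementation (an exception here, an assertion failure or wrong result in native code), and "wrong result" can mean a forged signature passing.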

CVE-2018-16869 – Ubuntu Security Notice USN-4990-1
https://notcve.org/view.php?id=CVE-2018-16869
03 Dec 2018 — A Bleichenbacher-type side-channel-based padding oracle attack was found in the way nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server. • http://cat.eyalro.net • CWE-203: Observable Discrepancy •

CVE-2016-6489 – nettle: RSA/DSA code is vulnerable to cache-timing related attacks
https://notcve.org/view.php?id=CVE-2016-6489
03 Nov 2016 — The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side-channel attack. It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side-channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. Nettle is a cryptograp... • http://rhn.redhat.com/errata/RHSA-2016-2582.html • CWE-203: Observable Discrepancy •

CVE-2015-8805 – nettle: secp256 calculation bug
https://notcve.org/view.php?id=CVE-2015-8805
15 Feb 2016 — The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •

CVE-2015-8803 – nettle: secp256 calculation bug
https://notcve.org/view.php?id=CVE-2015-8803
15 Feb 2016 — The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •

CVE-2015-8804 – nettle: miscalculations on secp384 curve
https://notcve.org/view.php?id=CVE-2015-8804
15 Feb 2016 — x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
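The three entries above (CVE-2015-8803, CVE-2015-8805 and CVE-2015-8804) are all carry-propagation errors in special-form modular reduction, the step where a word-wise reduction formula is folded back into the range [0, p). The following is an added example written for this page, not nettle's code: a Python implementation of the P-256 reduction in the style of FIPS 186-4 D.2.3, whose final fix-up loop is exactly the carry/borrow handling such bugs live in, together with the differential check a practitioner would run against a reference big-integer modulus. It reduces modulo the field prime (the job of ecc_256_modp); the same check applies unchanged to the group-order reduction and to the P-384 routine by swapping the modulus and formula. A deliberately under-corrected variant is included to show the test catching it. All inputs are constructed.

```python
import random

# P-256 field prime, 2^256 - 2^224 + 2^192 + 2^96 - 1 (FIPS 186-4).
P256 = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
MASK32 = (1 << 32) - 1


def words32(c):
    """Split 0 <= c < 2^512 into sixteen 32-bit words c0 (least significant) .. c15."""
    return [(c >> (32 * i)) & MASK32 for i in range(16)]


def join32(*hi_to_lo):
    """Assemble a 256-bit integer from eight 32-bit words listed most significant first."""
    v = 0
    for w in hi_to_lo:
        v = (v << 32) | w
    return v


def p256_partial_sums(c):
    """The nine word-wise sums of the NIST P-256 fast reduction (FIPS 186-4 D.2.3).
    Returns an integer congruent to c mod P256 that is not yet in [0, P256)."""
    assert 0 <= c < (1 << 512), "input must be at most 512 bits (a 256x256-bit product)"
    w = words32(c)
    s1 = join32(w[7], w[6], w[5], w[4], w[3], w[2], w[1], w[0])
    s2 = join32(w[15], w[14], w[13], w[12], w[11], 0, 0, 0)
    s3 = join32(0, w[15], w[14], w[13], w[12], 0, 0, 0)
    s4 = join32(w[15], w[14], 0, 0, 0, w[10], w[9], w[8])
    s5 = join32(w[8], w[13], w[15], w[14], w[13], w[11], w[10], w[9])
    s6 = join32(w[10], w[8], 0, 0, 0, w[13], w[12], w[11])
    s7 = join32(w[11], w[9], 0, 0, w[15], w[14], w[13], w[12])
    s8 = join32(w[12], 0, w[10], w[9], w[8], w[15], w[14], w[13])
    s9 = join32(w[13], 0, w[11], w[10], w[9], 0, w[15], w[14])
    return s1 + 2 * s2 + 2 * s3 + s4 + s5 - s6 - s7 - s8 - s9


def reduce_p256(c):
    """Full reduction. The partial sum lies roughly in (-4*2^256, 7*2^256), so the
    carry/borrow fix-up may need several conditional additions or subtractions."""
    r = p256_partial_sums(c)
    while r < 0:
        r += P256
    while r >= P256:
        r -= P256
    return r


def reduce_p256_one_fixup(c):
    """Constructed faulty variant for illustration: assumes one carry or one borrow
    is always enough. This is the kind of under-correction a differential test exposes."""
    r = p256_partial_sums(c)
    if r < 0:
        r += P256
    if r >= P256:
        r -= P256
    return r


def edge_inputs():
    """Hand-picked inputs that stress the carry chain (constructed for this example)."""
    top = (1 << 256) - 1
    f = MASK32
    many_borrows = sum(f << (32 * i) for i in (10, 11, 12, 13))  # drives the partial sum far negative
    return [0, 1, P256 - 1, P256, P256 + 1, top, top * top, (P256 - 1) ** 2,
            P256 * top, (1 << 512) - 1, 1 << 256, many_borrows]


def check_reduction(reduce_fn, iterations=2000, seed=2016):
    """Differential test of reduce_fn against Python's big-integer % on the edge cases
    plus seeded pseudo-random products of two residues. True if every case agrees."""
    rng = random.Random(seed)
    cases = list(edge_inputs())
    for _ in range(iterations):
        cases.append((rng.getrandbits(256) % P256) * (rng.getrandbits(256) % P256))
    return all(reduce_fn(c) == c % P256 for c in cases)


if __name__ == "__main__":
    print("full fix-up agrees with reference:", check_reduction(reduce_p256))          # True
    print("single fix-up agrees with reference:", check_reduction(reduce_p256_one_fixup))  # False
```

Random products alone rarely hit the worst-case carry paths, which is why the list of hand-picked edge inputs (all-ones words, values just above and below the modulus, the largest possible product) matters more than the iteration count; a reduction that passes only the random cases is not yet tested.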