Nettle
CVE-2021-20305
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
AnalysisAI
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-327. A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Affected products include: Nettle Project Nettle, Fedoraproject Fedora, Redhat Enterprise Linux, Netapp Active Iq Unified Manager, Netapp Ontap Select Deploy Administration Utility. Version information: before 3.7.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces inco
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces inco
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. Rated critical severity (CVSS 9.8), th
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channe
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. Rated high severity
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today