Nettle
CVE-2023-36660
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.
AnalysisAI
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. Affected products include: Nettle Project Nettle. Version information: before 3.9.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces inco
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces inco
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channe
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, ED
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. Rated high severity
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today