Skip to main content

Nettle

8 CVEs product

Monthly

CVE-2023-36660 CRITICAL PATCH Act Now

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Nettle
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-3580 HIGH PATCH This Week

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nettle Enterprise Linux Debian Linux Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-20305 HIGH PATCH This Week

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Nettle Fedora Enterprise Linux Active Iq Unified Manager +2
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2018-16869 MEDIUM This Month

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure Nettle
NVD
CVSS 3.1
5.7
EPSS
1.5%
CVE-2016-6489 HIGH PATCH This Week

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2015-8805 CRITICAL PATCH Act Now

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nettle Ubuntu Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2015-8804 CRITICAL PATCH Act Now

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Information Disclosure Nettle Ubuntu Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
11.9%
CVE-2015-8803 CRITICAL PATCH Act Now

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3%.

Information Disclosure Nettle Ubuntu Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
12.3%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Nettle
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nettle Enterprise Linux +2
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Nettle Fedora +4
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure Nettle
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nettle Ubuntu Linux +2
NVD
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Information Disclosure Nettle Ubuntu Linux +2
NVD
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3%.

Information Disclosure Nettle Ubuntu Linux +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy