Unrated severityNVD Advisory· Published Aug 23, 2022· Updated Aug 3, 2024
CVE-2021-3798
CVE-2021-3798
Description
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: Fixed in v3.17.0
Patches
Vulnerability mechanics
References
4- access.redhat.com/security/cve/CVE-2021-3798mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0mitrex_refsource_MISC
- github.com/opencryptoki/opencryptoki/pull/402mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.