rpm package
suse/libnettle&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS
pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3580 | — | < 3.4.1-4.18.1 | 3.4.1-4.18.1 | Aug 5, 2021 | A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | ||
| CVE-2021-20305 | — | < 3.4.1-4.15.1 | 3.4.1-4.15.1 | Apr 5, 2021 | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect res | ||
| CVE-2020-11501 | — | < 3.4.1-4.12.1 | 3.4.1-4.12.1 | Apr 3, 2020 | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negot |
- CVE-2021-3580Aug 5, 2021affected < 3.4.1-4.18.1fixed 3.4.1-4.18.1
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
- CVE-2021-20305Apr 5, 2021affected < 3.4.1-4.15.1fixed 3.4.1-4.15.1
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect res
- CVE-2020-11501Apr 3, 2020affected < 3.4.1-4.12.1fixed 3.4.1-4.12.1
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negot