Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20305

Опубликовано: 05 апр. 2021
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:nettle_project:nettle:*:*:*:*:*:*:*:*
Версия до 3.7.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%
0.00176
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-327
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2021-20305

CVSS3: 8.1
ubuntu
почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

redhat логотип

CVE-2021-20305

CVSS3: 8.1
redhat
почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

msrc логотип

CVE-2021-20305

CVSS3: 8.1
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2021-20305

CVSS3: 8.1
debian
почти 5 лет назад

A flaw was found in Nettle in versions before 3.7.2, where several Net ...

suse-cvrf логотип

openSUSE-SU-2021:0635-1

suse-cvrf
почти 5 лет назад

Security update for libnettle

EPSS

Процентиль: 39%
0.00176
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-327
CWE-787