CVE-2021-3580

Опубликовано: 05 авг. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1967983
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202401-24
https://security.netapp.com/advisory/ntap-20211104-0006/
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1967983
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202401-24
https://security.netapp.com/advisory/ntap-20211104-0006/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nettle_project:nettle:*:*:*:*:*:*:*:*

Версия до 3.7.3 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00041

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2021-3580

CVSS3: 7.5

ubuntu

почти 4 года назад

CVE-2021-3580

CVSS3: 7.5

redhat

около 4 лет назад

CVE-2021-3580

CVSS3: 7.5

debian

почти 4 года назад

A flaw was found in the way nettle's RSA decryption functions handled ...

openSUSE-SU-2021:2143-1

suse-cvrf

почти 4 года назад

Security update for libnettle

openSUSE-SU-2021:0906-1

suse-cvrf

около 4 лет назад

Security update for libnettle

EPSS

Процентиль: 12%

0.00041

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20