Description
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
A flaw was found in nettle in the way its RSA decryption functions handle specially crafted ciphertext. This flaw allows an attacker to provide a manipulated ciphertext, leading to an application crash and a denial of service.
Mitigation
As per upstream: For applications that want to support older versions of nettle, the bug can be worked around by adding a check that the RSA ciphertext is in the range 0 < ciphertext < n, before attempting to decrypt it.
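One way to apply the upstream range check when the ciphertext arrives as a big-endian octet string, shown as an added example rather than code from nettle or the advisory. The helper name `rsa_ciphertext_in_range` and the sample byte values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values (a toy 3-octet "modulus", not a real key).
   N carries a leading zero octet, as DER INTEGER encodings often do. */
static const uint8_t N[]      = { 0x00, 0xC5, 0x3B, 0x01 };
static const uint8_t C_OK[]   = { 0xC5, 0x3B, 0x00 };        /* n - 1 */
static const uint8_t C_ZERO[] = { 0x00, 0x00, 0x00 };        /* 0 */
static const uint8_t C_EQ[]   = { 0xC5, 0x3B, 0x01 };        /* n */
static const uint8_t C_LONG[] = { 0x01, 0x00, 0x00, 0x00 };  /* wider than n */

/* Skip leading zero octets of a big-endian unsigned integer. */
static const uint8_t *strip_zeros(const uint8_t *p, size_t *len)
{
    while (*len > 0 && *p == 0) { p++; (*len)--; }
    return p;
}

/* Hypothetical helper: return 1 if 0 < c < n, else 0.
   c and n are big-endian octet strings of arbitrary length. */
int rsa_ciphertext_in_range(const uint8_t *c, size_t c_len,
                            const uint8_t *n, size_t n_len)
{
    if (c == NULL || n == NULL)
        return 0;
    c = strip_zeros(c, &c_len);
    n = strip_zeros(n, &n_len);
    if (c_len == 0)                 /* ciphertext is zero: reject */
        return 0;
    if (c_len != n_len)             /* more significant octets => larger */
        return c_len < n_len;
    return memcmp(c, n, n_len) < 0; /* equal width: bytewise == numeric */
}

int main(void)
{
    /* Only the first value should be passed on to the decryption call. */
    printf("n-1:  %d\n", rsa_ciphertext_in_range(C_OK, sizeof C_OK, N, sizeof N));
    printf("zero: %d\n", rsa_ciphertext_in_range(C_ZERO, sizeof C_ZERO, N, sizeof N));
    printf("n:    %d\n", rsa_ciphertext_in_range(C_EQ, sizeof C_EQ, N, sizeof N));
    printf("long: %d\n", rsa_ciphertext_in_range(C_LONG, sizeof C_LONG, N, sizeof N));
    return 0;
}
```

When the ciphertext is already held in a GMP `mpz_t`, the same condition is `mpz_sgn(c) > 0 && mpz_cmp(c, n) < 0`, with `n` taken from the RSA public key.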
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | nettle | Will not fix | | |
Red Hat Enterprise Linux 8 | mingw-nettle | Not affected | | |
Red Hat Enterprise Linux 9 | nettle | Not affected | | |
Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2021:4451 | 09.11.2021 |
Red Hat Enterprise Linux 8 | nettle | Fixed | RHSA-2021:4451 | 09.11.2021 |
Additional information
Status:
EPSS
CVSS3: 7.5 High