Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3798

Опубликовано: 18 мая 2021
Источник: redhat
CVSS3: 5.1

Описание

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6opencryptokiNot affected
Red Hat Enterprise Linux 7opencryptokiNot affected
Red Hat Enterprise Linux 9opencryptokiNot affected
Red Hat Enterprise Linux 8opencryptokiFixedRHBA-2021:305410.08.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1990591openCryptoki: Soft token does not check if an EC key is valid

5.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3798

CVSS3: 5.5
ubuntu
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

nvd логотип

CVE-2021-3798

CVSS3: 5.5
nvd
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

msrc логотип

CVE-2021-3798

CVSS3: 5.5
msrc
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

debian логотип

CVE-2021-3798

CVSS3: 5.5
debian
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not ...

github логотип

GHSA-f2gp-jqv6-cmxg

CVSS3: 5.5
github
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

5.1 Medium

CVSS3