CVE-2021-20305

Published: 05 Apr 2021
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 6.8
CVSS3: 8.1

Description

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

| Release | Status | Note |
|---|---|---|
| bionic | released | 3.4-1ubuntu0.1 |
| devel | released | 3.7-2.1ubuntu1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | released | 3.4-1ubuntu0.1 |
| esm-infra/focal | released | 3.5.1+really3.5.1-2ubuntu0.1 |
| esm-infra/xenial | released | 3.2-1ubuntu0.16.04.2 |
| fips-preview/jammy | released | 3.7-2.1ubuntu1 |
| fips-updates/jammy | released | 3.7-2.1ubuntu1 |
| focal | released | 3.5.1+really3.5.1-2ubuntu0.1 |
| groovy | released | 3.6-2ubuntu0.1 |

EPSS: 0.00176 (percentile: 39%, Low)
CVSS2: 6.8 Medium
CVSS3: 8.1 High

Related vulnerabilities

CVSS3: 8.1
redhat
about 5 years ago

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS3: 8.1
nvd
about 5 years ago

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS3: 8.1
msrc
almost 5 years ago

No description available

CVSS3: 8.1
debian
about 5 years ago

A flaw was found in Nettle in versions before 3.7.2, where several Net ...

suse-cvrf
almost 5 years ago

Security update for libnettle
