Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-3798

Опубликовано: 23 авг. 2022
Источник: ubuntu
Приоритет: medium
CVSS3: 5.5

Описание

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needs-triage
hirsute

ignored

end of life

Показывать по

Ссылки на источники

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-3798

CVSS3: 5.1
redhat
больше 4 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

nvd логотип

CVE-2021-3798

CVSS3: 5.5
nvd
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

msrc логотип

CVE-2021-3798

CVSS3: 5.5
msrc
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

debian логотип

CVE-2021-3798

CVSS3: 5.5
debian
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not ...

github логотип

GHSA-f2gp-jqv6-cmxg

CVSS3: 5.5
github
больше 3 лет назад

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

5.5 Medium

CVSS3