Nettle_project Nettle
8 CVEs affecting Nettle_project Nettle. Latest disclosed: 2023-06-25. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-36660 | Critical | 9.8 | 2023-06-25 | The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. |
CVE-2015-8805 | Critical | 9.8 | 2016-02-23 | The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of t… |
CVE-2015-8804 | Critical | 9.8 | 2016-02-23 | x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST e… |
CVE-2015-8803 | Critical | 9.8 | 2016-02-23 | The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of t… |
CVE-2021-20305 | High | 8.1 | 2021-04-05 | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Cur… |
CVE-2021-3580 | High | 7.5 | 2021-08-05 | A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ci… |
CVE-2016-6489 | High | 7.5 | 2017-04-14 | The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. |
CVE-2018-16869 | Medium | 5.7 | 2018-12-03 | A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An atta… |