Nettle_project Nettle

8 CVEs affecting Nettle_project Nettle. Latest disclosed: 2023-06-25. Critical: 4, High: 3.

Top CVEs affecting Nettle_project Nettle
CVESeverityScorePublishedSummary
CVE-2023-36660Critical9.82023-06-25The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.
CVE-2015-8805Critical9.82016-02-23The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of t…
CVE-2015-8804Critical9.82016-02-23x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST e…
CVE-2015-8803Critical9.82016-02-23The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of t…
CVE-2021-20305High8.12021-04-05A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Cur…
CVE-2021-3580High7.52021-08-05A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ci…
CVE-2016-6489High7.52017-04-14The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
CVE-2018-16869Medium5.72018-12-03A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An atta…