Home

CVE-2015-8803

Description

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.343

Associated Vulnerability

VulnerabilityOS Platform
low level cryptographic library (public-key cryptos) (USN-2897-1) libnettle6_3.1.1-4ubuntu0.1_i386.debLinux
low level cryptographic library (public-key cryptos) (USN-2897-1) libnettle6_3.1.1-4ubuntu0.1_amd64.debLinux
(RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-2.7.1-8.el7.i686.rpmLinux
(RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-2.7.1-8.el7.x86_64.rpmLinux
(RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-devel-2.7.1-8.el7.i686.rpmLinux
(RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-devel-2.7.1-8.el7.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-32bit-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-debuginfo-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-debuginfo-32bit-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle-debugsource-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-32bit-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-debuginfo-2.7.1-9.1.x86_64.rpmLinux
SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-debuginfo-32bit-2.7.1-9.1.x86_64.rpmLinux
Nettle update (ELSA-2016-2582) nettle-2.7.1-8.el7.x86_64.rpmLinux
Nettle-devel update (ELSA-2016-2582) nettle-devel-2.7.1-8.el7.x86_64.rpmLinux
Nettle update (ELSA-2016-2582) nettle-2.7.1-8.el7.i686.rpmLinux
Nettle-devel update (ELSA-2016-2582) nettle-devel-2.7.1-8.el7.i686.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234