CVE-2015-8804
Description
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
11.875
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| low level cryptographic library (public-key cryptos) (USN-2897-1) libnettle6_3.1.1-4ubuntu0.1_i386.deb | Linux |
| low level cryptographic library (public-key cryptos) (USN-2897-1) libnettle6_3.1.1-4ubuntu0.1_amd64.deb | Linux |
| (RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-2.7.1-8.el7.i686.rpm | Linux |
| (RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-2.7.1-8.el7.x86_64.rpm | Linux |
| (RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-devel-2.7.1-8.el7.i686.rpm | Linux |
| (RHSA-2016:2582) Moderate: nettle security and bug fix update nettle-devel-2.7.1-8.el7.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-32bit-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-debuginfo-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libhogweed2-debuginfo-32bit-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle-debugsource-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-32bit-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-debuginfo-2.7.1-9.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0455-1(SUSE Linux Enterprise Desktop 12-SP1 ) libnettle4-debuginfo-32bit-2.7.1-9.1.x86_64.rpm | Linux |
| Nettle update (ELSA-2016-2582) nettle-2.7.1-8.el7.x86_64.rpm | Linux |
| Nettle-devel update (ELSA-2016-2582) nettle-devel-2.7.1-8.el7.x86_64.rpm | Linux |
| Nettle update (ELSA-2016-2582) nettle-2.7.1-8.el7.i686.rpm | Linux |
| Nettle-devel update (ELSA-2016-2582) nettle-devel-2.7.1-8.el7.i686.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234