Home

CVE-2021-3580

Description

A flaw was found in the way nettles RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.038

Associated Vulnerability

VulnerabilityOS Platform
low level cryptographic library (USN-4990-1) libnettle6_3.4.1-0ubuntu0.18.04.1_i386.debLinux
low level cryptographic library (USN-4990-1) libnettle6_3.4.1-0ubuntu0.18.04.1_amd64.debLinux
low level cryptographic library (USN-4990-1) libnettle7_3.5.1+really3.5.1-2ubuntu0.2_i386.debLinux
low level cryptographic library (USN-4990-1) libnettle7_3.5.1+really3.5.1-2ubuntu0.2_amd64.debLinux
low level cryptographic library (USN-4990-1) libnettle8_3.6-2ubuntu0.2_i386.debLinux
low level cryptographic library (USN-4990-1) libnettle8_3.6-2ubuntu0.2_amd64.debLinux
low level cryptographic library (USN-4990-1) libnettle8_3.7-2.1ubuntu1.1_i386.debLinux
low level cryptographic library (USN-4990-1) libnettle8_3.7-2.1ubuntu1.1_amd64.debLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libhogweed2-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libhogweed2-32bit-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libhogweed2-debuginfo-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libhogweed2-debuginfo-32bit-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libnettle-debugsource-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libnettle4-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libnettle4-32bit-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libnettle4-debuginfo-2.7.1-13.6.1.x86_64.rpmLinux
SUSE-SU-2021:2135-1(SUSE Linux Enterprise Server 12-SP5 ) libnettle4-debuginfo-32bit-2.7.1-13.6.1.x86_64.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-3.6.16-4.el8.i686.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-3.6.16-4.el8.x86_64.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) nettle-3.4.1-7.el8.i686.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) nettle-3.4.1-7.el8.x86_64.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-c++-3.6.16-4.el8.i686.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-c++-3.6.16-4.el8.x86_64.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-dane-3.6.16-4.el8.i686.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-dane-3.6.16-4.el8.x86_64.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-devel-3.6.16-4.el8.i686.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-devel-3.6.16-4.el8.x86_64.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) gnutls-utils-3.6.16-4.el8.x86_64.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) nettle-devel-3.4.1-7.el8.i686.rpmLinux
gnutls and nettle security, bug fix, and enhancement update (RLSA-2021:4451) nettle-devel-3.4.1-7.el8.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libnettle6-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libhogweed4-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libnettle-devel-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libnettle6-32bit-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libhogweed4-32bit-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libnettle6-debuginfo-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libhogweed4-debuginfo-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libnettle-debugsource-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libnettle6-32bit-debuginfo-3.4.1-4.18.1.x86_64.rpmLinux
SUSE-SU-2021:2143-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libhogweed4-32bit-debuginfo-3.4.1-4.18.1.x86_64.rpmLinux
Gnutls update (ELSA-2021-4451) gnutls-3.6.16-4.el8.i686.rpmLinux
Gnutls update (ELSA-2021-4451) gnutls-3.6.16-4.el8.x86_64.rpmLinux
Gnutls-c++ update (ELSA-2021-4451) gnutls-c++-3.6.16-4.el8.i686.rpmLinux
Gnutls-c++ update (ELSA-2021-4451) gnutls-c++-3.6.16-4.el8.x86_64.rpmLinux
Gnutls-dane update (ELSA-2021-4451) gnutls-dane-3.6.16-4.el8.i686.rpmLinux
Gnutls-dane update (ELSA-2021-4451) gnutls-dane-3.6.16-4.el8.x86_64.rpmLinux
Gnutls-devel update (ELSA-2021-4451) gnutls-devel-3.6.16-4.el8.i686.rpmLinux
Gnutls-devel update (ELSA-2021-4451) gnutls-devel-3.6.16-4.el8.x86_64.rpmLinux
Gnutls-utils update (ELSA-2021-4451) gnutls-utils-3.6.16-4.el8.x86_64.rpmLinux
Nettle update (ELSA-2021-4451) nettle-3.4.1-7.el8.i686.rpmLinux
Nettle update (ELSA-2021-4451) nettle-3.4.1-7.el8.x86_64.rpmLinux
Nettle-devel update (ELSA-2021-4451) nettle-devel-3.4.1-7.el8.i686.rpmLinux
Nettle-devel update (ELSA-2021-4451) nettle-devel-3.4.1-7.el8.x86_64.rpmLinux
Moderate: gnutls and nettle security, bug fix, and enhancement update nettle-3.4.1-7.el8.x86_64.rpmLinux
Moderate: gnutls and nettle security, bug fix, and enhancement update nettle-devel-3.4.1-7.el8.i686.rpmLinux
Moderate: gnutls and nettle security, bug fix, and enhancement update nettle-devel-3.4.1-7.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234