CVE-2021-3580

Name
CVE-2021-3580
Description
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1967983

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nettle_project:nettle:*:*:*:*:*:*:*:* nettle >= None < 3.7.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
nettle 3.12-main 3.5.1-r1 Fabian Affolter <fabian@affolter-engineering.ch> possibly vulnerable
nettle 3.11-main 3.5.1-r0 Fabian Affolter <fabian@affolter-engineering.ch> possibly vulnerable
nettle edge-main 3.7.3-r0 Fabian Affolter <fabian@affolter-engineering.ch> fixed
nettle 3.14-main 3.7.3-r0 Fabian Affolter <fabian@affolter-engineering.ch> fixed
nettle 3.13-main 3.7.3-r0 Fabian Affolter <fabian@affolter-engineering.ch> fixed