CVE-2021-3580

CVE-2021-3580

Name

CVE-2021-3580

Description

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=1967983
MLIST	https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
CONFIRM	https://security.netapp.com/advisory/ntap-20211104-0006/

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1967983

MLIST

https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html

CONFIRM

https://security.netapp.com/advisory/ntap-20211104-0006/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:nettle_project:nettle::::::::`	nettle	>= None	< 3.7.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:nettle_project:nettle:*:*:*:*:*:*:*:*

nettle

>= None

< 3.7.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
nettle	3.11-main	3.5.1-r0	Fabian Affolter <fabian@affolter-engineering.ch>	possibly vulnerable
nettle	3.14-main	3.7.3-r0	Fabian Affolter <fabian@affolter-engineering.ch>	fixed
nettle	3.13-main	3.7.3-r0	Fabian Affolter <fabian@affolter-engineering.ch>	fixed
nettle	3.15-main	3.7.3-r0	Fabian Affolter <fabian@affolter-engineering.ch>	fixed
nettle	3.12-main	3.5.1-r2	Fabian Affolter <fabian@affolter-engineering.ch>	fixed
nettle	3.16-main	3.7.3-r0	Fabian Affolter <fabian@affolter-engineering.ch>	fixed

Source package

Branch

Version

Maintainer

Status

nettle

3.11-main

3.5.1-r0

Fabian Affolter <fabian@affolter-engineering.ch>

possibly vulnerable

nettle

3.14-main