CVE-2021-20305

Published: Apr 5, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EdDSA and ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vendor: n/a

Product: nettle

Versions: affected, nettle 3.7.2

Weaknesses (CWE)

References

GLSA-202105-31 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2021-454a0f6f76 (vendor-advisory, x_refsource_FEDORA)
DSA-4933 (vendor-advisory, x_refsource_DEBIAN)
