Vulnerabilities > Nettle Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-25 | CVE-2023-36660 | Out-of-bounds Write vulnerability in Nettle Project Nettle 3.9 The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. | 9.8 |
| 2021-08-05 | CVE-2021-3580 | Improper Input Validation vulnerability in multiple products A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. | 7.5 |
| 2021-04-05 | CVE-2021-20305 | Out-of-bounds Write vulnerability in multiple products A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. | 8.1 |
| 2018-12-03 | CVE-2018-16869 | Information Exposure Through Discrepancy vulnerability in Nettle Project Nettle A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. | 5.7 |
| 2017-04-14 | CVE-2016-6489 | Information Exposure Through Discrepancy vulnerability in multiple products The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | 7.5 |
| 2016-02-23 | CVE-2015-8805 | Cryptographic Issues vulnerability in multiple products The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. | 9.8 |
| 2016-02-23 | CVE-2015-8804 | 7PK - Security Features vulnerability in multiple products x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2016-02-23 | CVE-2015-8803 | 7PK - Security Features vulnerability in multiple products The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. | 9.8 |