PT-2021-5781 · Nettle+9

Huzaifa S. Sidhpurwala · Published 2021-05-17 · Updated 2024-01-16 · CVE-2021-3580

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Nettle (affected versions not specified)

Description

A flaw was found in the way Nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext, leading to an application crash and denial of service. The vulnerability is related to insufficient input validation in the RSA decryption functions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Weakness Enumeration

Related Identifiers

ALSA-2021:4451
ALT-PU-2021-2125
AZL-6741
BDU:2022-00233
CESA-2021_4451
CVE-2021-3580
DLA-2760-1
DSA-4933-1
MGASA-2021-0300
OESA-2021-1320
OPENSUSE-SU-2021:0906-1
OPENSUSE-SU-2021:2143-1
OPENSUSE-SU-2021_0906-1
OPENSUSE-SU-2021_2143-1
OPENSUSE-SU-2024:10962-1
RHSA-2021:4451
RHSA-2021_4451
RLSA-2021:4451
SUSE-SU-2021:2135-1
SUSE-SU-2021:2143-1
SUSE-SU-2021_2135-1
SUSE-SU-2021_2143-1
USN-4990-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Nettle
Red Hat
Rocky Linux
SUSE
Ubuntu