Nettle Nettleproject Nettle

Do you want an email whenever new security vulnerabilities are reported in Nettleproject Nettle?

By the Year

In 2022 there have been 0 vulnerabilities in Nettleproject Nettle . Last year Nettle had 2 security vulnerabilities published. Right now, Nettle is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 2 7.80
2020 0 0.00
2019 0 0.00
2018 1 5.70

It may take a day or so for new Nettle vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Nettleproject Nettle Security Vulnerabilities

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext

CVE-2021-3580 7.5 - High - August 05, 2021

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Improper Input Validation

A flaw was found in Nettle in versions before 3.7.2

CVE-2021-20305 8.1 - High - April 05, 2021

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Memory Corruption

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data

CVE-2018-16869 5.7 - Medium - December 03, 2018

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Cryptographic Issues

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by Nettleproject? Click the Watch button to subscribe.

subscribe