Nettleproject Nettle
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Nettleproject Nettle.
By the Year
In 2025 there have been 0 vulnerabilities in Nettleproject Nettle. Nettle did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.70 |
It may take a day or so for new Nettle vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nettleproject Nettle Security Vulnerabilities
The OCB feature in libnettle in Nettle 3.9 before 3.9.1
CVE-2023-36660
9.8 - Critical
- June 25, 2023
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.
Memory Corruption
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext
CVE-2021-3580
7.5 - High
- August 05, 2021
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Improper Input Validation
A flaw was found in Nettle in versions before 3.7.2
CVE-2021-20305
8.1 - High
- April 05, 2021
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
Memory Corruption
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data
CVE-2018-16869
5.7 - Medium
- December 03, 2018
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Side Channel Attack
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by Nettleproject? Click the Watch button to subscribe.
