---

CVE-2021-20305 - log back

CVE-2021-20305 edited at 02 Apr 2021 10:46:53
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Signature forgery
Description	+ A security issue was found in Nettle, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1942533 + https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html + https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe + https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5 + https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2 + https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce + https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14 + https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b + https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
Notes

CVE-2021-20305 created at 02 Apr 2021 10:44:00