CVE-2021-3580 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	Multiple issues were found with Nettle's RSA decryption functions before version 3.7.3. These can be triggered by providing manipulated ciphertext and could lead to application crash and denial of service. Since nettle is used with gnuTLS, there is a possibility that a remote client could crash a server compiled with gnuTLS when RSA is used for the initial key exchange.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2052	nettle	3.7.2-1	3.7.3-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
09 Jun 2021	ASA-202106-28	AVG-2052	nettle	Medium	denial of service

References
https://bugzilla.redhat.com/show_bug.cgi?id=1967983 https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c

References

https://bugzilla.redhat.com/show_bug.cgi?id=1967983
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c