CVE-2021-3580

Severity: Medium
Remote: Yes
Type: Denial of service
Description
Multiple issues were found with Nettle's RSA decryption functions before version 3.7.3. These can be triggered by providing manipulated ciphertext and could lead to an application crash and denial of service. Since Nettle is used with GnuTLS, there is a possibility that a remote client could crash a server compiled with GnuTLS when RSA is used for the initial key exchange.
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-2052  nettle   3.7.2-1   3.7.3-1  Medium    Fixed

Date         Advisory       Group     Package  Severity  Type
09 Jun 2021  ASA-202106-28  AVG-2052  nettle   Medium    denial of service
References
https://bugzilla.redhat.com/show_bug.cgi?id=1967983
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c