OESA-2021-1177
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1177
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1177.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1177
- Upstream
- Published
- 2021-05-06T11:02:53Z
- Modified
- 2025-08-12T05:07:08.427869Z
- Summary
- nettle security update
- Details
-
Nettle is a cryptographic library designed to fit any context: in crypto toolkits for object-oriented languages, in applications like LSH or GnuPG, or even in kernel space.
Security Fix(es):
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-20305)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / nettle
Package
- Name
- nettle
- Purl
- pkg:rpm/openEuler/nettle&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6-2.oe1
Ecosystem specific
{
"src": [
"nettle-3.6-2.oe1.src.rpm"
],
"x86_64": [
"nettle-3.6-2.oe1.x86_64.rpm",
"nettle-debuginfo-3.6-2.oe1.x86_64.rpm",
"nettle-debugsource-3.6-2.oe1.x86_64.rpm",
"nettle-devel-3.6-2.oe1.x86_64.rpm"
],
"aarch64": [
"nettle-debugsource-3.6-2.oe1.aarch64.rpm",
"nettle-devel-3.6-2.oe1.aarch64.rpm",
"nettle-3.6-2.oe1.aarch64.rpm",
"nettle-debuginfo-3.6-2.oe1.aarch64.rpm"
],
"noarch": [
"nettle-help-3.6-2.oe1.noarch.rpm"
]
}