CVE-2021-20305
- ULN >
- Oracle Linux CVE repository >
- CVE-2021-20305
CVE Details
| Release Date: | 2021-04-05 |
Description
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
See more information about CVE-2021-20305 from MITRE CVE dictionary and NIST NVD
CVSS v3.0 metrics
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 8.1 | Base Metrics: | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Access Vector: | Network | Attack Complexity: | High |
| Privileges Required: | None | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | High |
| Integrity Impact: | High | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (nettle) | ELSA-2021-1145 | 2021-04-09 |
| Oracle Linux version 8 (gnutls) | ELSA-2021-1206 | 2021-04-16 |
| Oracle Linux version 8 (nettle) | ELSA-2021-1206 | 2021-04-16 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
