CVE-2021-3580

Published: 10 June 2021

Remote crash in RSA decryption via manipulated ciphertext

Priority

Medium

Status

Package Release Status
nettle
Launchpad, Ubuntu, Debian
Upstream
Released (3.7.3-1)
Ubuntu 21.04 (Hirsute Hippo)
Released (3.7-2.1ubuntu1.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (3.5.1+really3.5.1-2ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.4.1-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
Upstream: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe

Notes

AuthorNote
mdeslaur
this fix relies on the RSA refactoring that is required to
fix CVE-2018-16869, which is too intrusive to backport to older
releases

References

Bugs