8 Jun
2021
8 Jun
'21
7:13 p.m.
nisse@lysator.liu.se (Niels Möller) writes:
I've prepared a new bug-fix release of Nettle, a low-level cryptographics library, to fix bugs in the RSA decryption functions. The bugs cause crashes on certain invalid inputs, which could be used for denial of service attacks on applications using these functions.
I forgot to reference the CVE id allocated for this problem: CVE-2021-3580 (at the moment still in the "reserved" state). Thanks to Simo Sorce and Redhat for that registration.
Regards, /Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.