what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

CVE-2021-20305

Status Candidate

Overview

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Related Files

Red Hat Security Advisory 2021-3556-01
Posted Sep 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3556-01 - Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-25013, CVE-2019-2708, CVE-2019-9169, CVE-2020-13434, CVE-2020-15358, CVE-2020-27618, CVE-2020-28196, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8927, CVE-2021-20271, CVE-2021-20305, CVE-2021-27218, CVE-2021-27918, CVE-2021-31525, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-3326
SHA-256 | 42f4f7ff781503e879093e45c39f5c6db0ee7bf66f04a76cc6a3a41a08638018
Red Hat Security Advisory 2021-2760-01
Posted Jul 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2760-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | e42ce41d08e975a1430a27c51239e1c6b441bfc1ee6419a8f1260663774b670b
Red Hat Security Advisory 2021-2758-01
Posted Jul 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2758-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | f366a4741628270515ea9df33e6f46069b4595fc20f17cc3b7778a467f9fa2f9
Debian Security Advisory 4933-1
Posted Jun 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4933-1 - Multiple vulnerabilities were discovered in nettle, a low level cryptographic library, which could result in denial of service (remote crash in RSA decryption via specially crafted ciphertext, crash on ECDSA signature verification) or incorrect verification of ECDSA signatures.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-20305, CVE-2021-3580
SHA-256 | 2215cb9496006024c8f5c103dd9ae8a1ceb2a93d6d2ff478f20730eb50d664af
Red Hat Security Advisory 2021-2543-01
Posted Jun 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2543-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-13434, CVE-2020-13776, CVE-2020-13949, CVE-2020-15358, CVE-2020-24977, CVE-2020-26116, CVE-2020-27618, CVE-2020-27619, CVE-2020-28196, CVE-2020-28362, CVE-2020-28500, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8927, CVE-2021-20305, CVE-2021-23336
SHA-256 | de10f870e361f9c40e606f0ad79acca7e8e375dc5f52949dbafbc84fbfe8b8b3
Red Hat Security Advisory 2021-2532-01
Posted Jun 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2532-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-13434, CVE-2020-13776, CVE-2020-15358, CVE-2020-24977, CVE-2020-26116, CVE-2020-27618, CVE-2020-27619, CVE-2020-28196, CVE-2020-28362, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8927, CVE-2021-20305, CVE-2021-23336, CVE-2021-27219, CVE-2021-3114
SHA-256 | 6df91b966c2f87eaa0baa1dffa7ac30d99e91800fcb0ddee8e2b10e21c68d59c
Red Hat Security Advisory 2021-2130-01
Posted Jun 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2130-01 - Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-13434, CVE-2020-13776, CVE-2020-15358, CVE-2020-24977, CVE-2020-27618, CVE-2020-28196, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-8927, CVE-2021-20305, CVE-2021-25736, CVE-2021-27219, CVE-2021-3326, CVE-2021-3449, CVE-2021-3450
SHA-256 | cee16136d7421cbe5ca19256caf3668d7fa40f347e02a96e5696e4c7709cca44
Red Hat Security Advisory 2021-2356-01
Posted Jun 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2356-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | f0b868aecc984ffac536b2f7445dec720e102809e48c65ea1b5287ba47f543d5
Red Hat Security Advisory 2021-2280-01
Posted Jun 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2280-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | 25a368fa3e5e2ba5618296e78e07cf7dddc9a96c8c3b675919627a7ed133283b
Gentoo Linux Security Advisory 202105-31
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-31 - A vulnerability in Nettle could lead to a Denial of Service condition. Versions less than 3.7.2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2021-20305
SHA-256 | ba28dbe13dea6d4eb34e3b66c850cd358b6711db040d6dfd806ce56b9fe17d07
Red Hat Security Advisory 2021-2053-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2053-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-15586, CVE-2020-16845, CVE-2020-25648, CVE-2020-25692, CVE-2020-28362, CVE-2021-20305, CVE-2021-25215, CVE-2021-3114, CVE-2021-3557
SHA-256 | ce471a28ec74a5eecc98ff4598c206f9de1972ab46d04c66952b686d97864901
Red Hat Security Advisory 2021-2041-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2041-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-25678, CVE-2020-26160, CVE-2020-26289, CVE-2020-28362, CVE-2020-7608, CVE-2020-7774, CVE-2020-8565, CVE-2021-20305, CVE-2021-3114, CVE-2021-3139, CVE-2021-3449, CVE-2021-3450, CVE-2021-3528
SHA-256 | 207485ff1991adec31c517e8d791b7e6d4e2eb37215ab5caba07707d934fa380
Red Hat Security Advisory 2021-1429-01
Posted May 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1429-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an XML injection vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25649, CVE-2021-20305, CVE-2021-2163, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347, CVE-2021-3447
SHA-256 | 080261f12c95415e46d2e885ab13d75245d27a7ac95fd992cb11dd540475be30
Red Hat Security Advisory 2021-1499-01
Posted May 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1499-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-28469, CVE-2021-20305, CVE-2021-23358, CVE-2021-28092, CVE-2021-28918, CVE-2021-29418
SHA-256 | 8ee86af2e6e5cf257adb8180ff1684b68bd6f19ef3a9e51835ae1cfb07136e35
Red Hat Security Advisory 2021-1448-01
Posted Apr 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1448-01 - Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve some security issues and bugs. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-15586, CVE-2020-16845, CVE-2020-27152, CVE-2020-28362, CVE-2020-28374, CVE-2021-20305, CVE-2021-23358, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347, CVE-2021-3449, CVE-2021-3450
SHA-256 | e0ed9dcea65dc8c6aed72a7323bfdf194a8e68c45019b280ca356c117d319f9c
Red Hat Security Advisory 2021-1225-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20305, CVE-2021-3121
SHA-256 | 3a05bad80a674718355ebe46f5046e9703939e28d4e4b101737c1cfa71cb54d0
Red Hat Security Advisory 2021-1369-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1369-01 - Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-14040, CVE-2020-27152, CVE-2020-28374, CVE-2020-35149, CVE-2021-20218, CVE-2021-20305, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3121, CVE-2021-3347, CVE-2021-3449, CVE-2021-3450
SHA-256 | 019fe35bad08451966b333b48fcaaaf15597ee545c7cbbff9ea4261482d338df
Red Hat Security Advisory 2021-1338-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1338-01 - Red Hat OpenShift Serverless 1.14.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-20305, CVE-2021-3114, CVE-2021-3115, CVE-2021-3449, CVE-2021-3450
SHA-256 | a30988ff66266b2db5f8acca7f2c0152290e88ca56893b70bb73ae89269755fb
Red Hat Security Advisory 2021-1246-01
Posted Apr 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1246-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | a6ed120c427bdf965416633946bf2c8c87af6e47ae6eeb335fa638330e7de30b
Red Hat Security Advisory 2021-1245-01
Posted Apr 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1245-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | 03ae9d4d6c692462185f91ccac59efd11a557f501eca9ed834b624631545538d
Red Hat Security Advisory 2021-1206-01
Posted Apr 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1206-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | cfc2ddbf194ca98e9bd00034d5a3de9b781c3c4eaf8683beb24a941d9f66d122
Ubuntu Security Notice USN-4906-1
Posted Apr 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4906-1 - It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-20305
SHA-256 | 86bdfb5fa412692314b5a637ddc0ae040de86955f40b83927a78c3bfe119cce7
Red Hat Security Advisory 2021-1145-01
Posted Apr 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1145-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | c64e53f209824c0541aa87a7b3d247fd85ddd3bfb744137d79b41874b72f64e3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close