CVE-2021-20305

05.04.2021, 22:15

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
nettle_project	nettle	𝑥 < 3.7.2
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
netapp	active_iq_unified_manager	-
netapp	ontap_select_deploy_administration_utility	-
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

nettle

bullseye	3.7.3-1 fixed
bookworm	3.8.1-2 fixed
sid	3.10-1 fixed
trixie	3.10-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

nettle

noble	Fixed 3.7-2.1ubuntu1 released
mantic	Fixed 3.7-2.1ubuntu1 released
lunar	Fixed 3.7-2.1ubuntu1 released
kinetic	Fixed 3.7-2.1ubuntu1 released
jammy	Fixed 3.7-2.1ubuntu1 released
impish	Fixed 3.7-2.1ubuntu1 released
hirsute	Fixed 3.7-2.1ubuntu1 released
groovy	Fixed 3.6-2ubuntu0.1 released
focal	Fixed 3.5.1+really3.5.1-2ubuntu0.1 released
bionic	Fixed 3.4-1ubuntu0.1 released
xenial	Fixed 3.2-1ubuntu0.16.04.2 released
trusty	needed

Common Weakness Enumeration

References

https://bugzilla.redhat.com/show_bug.cgi?id=1942533

https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/

https://security.gentoo.org/glsa/202105-31