ALT-PU-2016-1076-1
Closed vulnerabilities
BDU:2016-00609
Уязвимость криптографической библиотеки Nettle, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации
BDU:2016-00708
Уязвимость криптографической библиотеки Nettle, позволяющая нарушителю повлиять на конфиденциальность, целостность и доступность защищаемой информации
BDU:2016-00709
Уязвимость криптографической библиотеки Nettle, позволяющая нарушителю повлиять на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2015-8803
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
- FEDORA-2016-89968f88d2
- FEDORA-2016-89968f88d2
- FEDORA-2016-aa00f0631d
- FEDORA-2016-aa00f0631d
- FEDORA-2016-8ee88aee21
- FEDORA-2016-8ee88aee21
- openSUSE-SU-2016:0475
- openSUSE-SU-2016:0475
- openSUSE-SU-2016:0477
- openSUSE-SU-2016:0477
- openSUSE-SU-2016:0486
- openSUSE-SU-2016:0486
- RHSA-2016:2582
- RHSA-2016:2582
- [oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle
- USN-2897-1
- USN-2897-1
- https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
- https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
- https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
- https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
- [info-gnu] 20160128 ANNOUNCE: Nettle-3.2
- [info-gnu] 20160128 ANNOUNCE: Nettle-3.2
- [nettle-bugs] 20151212 secp256 calculation bug (already fixed)
- [nettle-bugs] 20151212 secp256 calculation bug (already fixed)
Modified: 2024-11-21
CVE-2015-8804
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
- openSUSE-SU-2016:0475
- openSUSE-SU-2016:0475
- openSUSE-SU-2016:0477
- openSUSE-SU-2016:0477
- openSUSE-SU-2016:0486
- openSUSE-SU-2016:0486
- RHSA-2016:2582
- RHSA-2016:2582
- [oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle
- USN-2897-1
- USN-2897-1
- https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
- https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
- https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
- https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
- [info-gnu] 20160128 ANNOUNCE: Nettle-3.2
- [info-gnu] 20160128 ANNOUNCE: Nettle-3.2
- [nettle-bugs] 20151211 Miscalculations on secp384 curve
- [nettle-bugs] 20151211 Miscalculations on secp384 curve
Modified: 2024-11-21
CVE-2015-8805
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
- openSUSE-SU-2016:0475
- openSUSE-SU-2016:0475
- openSUSE-SU-2016:0477
- openSUSE-SU-2016:0477
- openSUSE-SU-2016:0486
- openSUSE-SU-2016:0486
- RHSA-2016:2582
- RHSA-2016:2582
- [oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle
- [oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle
- 84272
- 84272
- USN-2897-1
- USN-2897-1
- https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
- https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
- https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
- https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d