summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-04-01 09:00:18 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2021-04-01 09:00:18 +0200
commit5137b45766cb7b0a0f1e65af9cbf9d57b74a1630 (patch)
tree55a2085f2345e53fa617b8dc5f2d1da3e3f7270b
parent6ab8db4a7a8d9aae1b79ba95297e1589ebe334c8 (diff)
Add assigned nettle CVE
Diffstat
-rw-r--r--data/CVE/2021.list20
1 files changed, 18 insertions, 2 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index b2acdf21b0..206161ffa0 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -20673,8 +20673,24 @@ CVE-2021-20307
RESERVED
CVE-2021-20306
RESERVED
-CVE-2021-20305
- RESERVED
+CVE-2021-20305 [Out of Bound memory access in signature verification]
+ RESERVED
+ - nettle <unfixed>
+ NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
+ NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
+ NOTE: Use ecc_mod_mul_canonical for point comparison:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5
+ NOTE: Fix bug in ecc_ecdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2
+ NOTE: Ensure ecdsa_sign output is canonically reduced:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce
+ NOTE: Analogous fix to ecc_gostdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14
+ NOTE: Similar fix for eddsa:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b
+ NOTE: Fix canonical reduction in gostdsa_vko:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
CVE-2021-20304
RESERVED
CVE-2021-20303

© 2014-2024 Faster IT GmbH | imprint | privacy policy