Vulnerabilities (CVE)

Filtered by vendor Nettle Project Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2015-8803	3 Canonical, Nettle Project, Opensuse	4 Ubuntu Linux, Nettle, Leap and 1 more	2018-10-30	7.5 HIGH	9.8 CRITICAL
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
CVE-2015-8804	3 Canonical, Nettle Project, Opensuse	4 Ubuntu Linux, Nettle, Leap and 1 more	2018-10-30	7.5 HIGH	9.8 CRITICAL
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-8805	3 Canonical, Nettle Project, Opensuse	4 Ubuntu Linux, Nettle, Leap and 1 more	2018-10-30	7.5 HIGH	9.8 CRITICAL
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.