9.8

CVE-2023-36660

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nettle ProjectNettle Version3.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.02% 0.591
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202401-24
https://bugzilla.suse.com/show_bug.cgi?id=1212112
Patch
Issue Tracking
https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f
Patch
https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601
Patch