CVE-2021-3798

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3798

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3798.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3798

Related

UBUNTU-CVE-2021-3798

Published

2022-08-23T16:15:09Z

Modified

2025-07-02T00:07:51.315395Z

Downstream

RHBA-2021:3054

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

References

Affected packages

Git / github.com/opencryptoki/opencryptoki

Affected ranges

Type: GIT
Repo: https://github.com/opencryptoki/opencryptoki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e3b43c3d8844402c04a66b55c6c940f965109f0

Affected versions

v2.*

v2.3.2

v2.3.3

v2.4.3

v2.4.3.1

v3.*

v3.0

v3.1

v3.10.0

v3.11.0

v3.11.1

v3.12.0

v3.12.1

v3.13.0

v3.14.0

v3.15.0

v3.15.1

v3.16.0

v3.2

v3.3

v3.4

v3.4.1

v3.5

v3.6

v3.6.1

v3.6.2

v3.7.0

v3.8.0

v3.8.1

v3.8.2

v3.9.0