A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
{ "binaries": [ { "binary_name": "libhogweed4", "binary_version": "3.4.1-0ubuntu0.18.04.1" }, { "binary_name": "libhogweed4-dbgsym", "binary_version": "3.4.1-0ubuntu0.18.04.1" }, { "binary_name": "libnettle6", "binary_version": "3.4.1-0ubuntu0.18.04.1" }, { "binary_name": "libnettle6-dbgsym", "binary_version": "3.4.1-0ubuntu0.18.04.1" }, { "binary_name": "nettle-bin", "binary_version": "3.4.1-0ubuntu0.18.04.1" }, { "binary_name": "nettle-bin-dbgsym", "binary_version": "3.4.1-0ubuntu0.18.04.1" }, { "binary_name": "nettle-dev", "binary_version": "3.4.1-0ubuntu0.18.04.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "libhogweed5", "binary_version": "3.5.1+really3.5.1-2ubuntu0.2" }, { "binary_name": "libhogweed5-dbgsym", "binary_version": "3.5.1+really3.5.1-2ubuntu0.2" }, { "binary_name": "libnettle7", "binary_version": "3.5.1+really3.5.1-2ubuntu0.2" }, { "binary_name": "libnettle7-dbgsym", "binary_version": "3.5.1+really3.5.1-2ubuntu0.2" }, { "binary_name": "nettle-bin", "binary_version": "3.5.1+really3.5.1-2ubuntu0.2" }, { "binary_name": "nettle-bin-dbgsym", "binary_version": "3.5.1+really3.5.1-2ubuntu0.2" }, { "binary_name": "nettle-dev", "binary_version": "3.5.1+really3.5.1-2ubuntu0.2" } ], "availability": "No subscription required" }