UBUNTU-CVE-2021-3798

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-3798

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-3798.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-3798

Upstream

CVE-2021-3798

Published

2022-08-23T16:15:00Z

Modified

2025-07-14T06:34:41.829805Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- medium

Summary

[none]

Details

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

References

Affected packages

Ubuntu:Pro:16.04:LTS / opencryptoki

Package

Name: opencryptoki
Purl: pkg:deb/ubuntu/opencryptoki@3.4.1+dfsg-1ubuntu4.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.1+dfsg-3ubuntu5

3.*

3.4.1+dfsg-1ubuntu1

3.4.1+dfsg-1ubuntu2

3.4.1+dfsg-1ubuntu3

3.4.1+dfsg-1ubuntu4

3.4.1+dfsg-1ubuntu4.1

Ubuntu:Pro:18.04:LTS / opencryptoki

Package

Name: opencryptoki
Purl: pkg:deb/ubuntu/opencryptoki@3.9.0+dfsg-0ubuntu1.4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.0+dfsg-4

3.8.1+dfsg-2

3.8.1+dfsg-3

3.8.2+dfsg-0ubuntu1

3.9.0+dfsg-0ubuntu1

3.9.0+dfsg-0ubuntu1.1

3.9.0+dfsg-0ubuntu1.2

3.9.0+dfsg-0ubuntu1.3

3.9.0+dfsg-0ubuntu1.4

Ubuntu:Pro:20.04:LTS / opencryptoki

Package

Name: opencryptoki
Purl: pkg:deb/ubuntu/opencryptoki@3.13.0+dfsg-0ubuntu5.2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.11.1+dfsg-0ubuntu2

3.11.1+dfsg-0ubuntu3

3.12.1+dfsg-0ubuntu1

3.13.0+dfsg-0ubuntu4

3.13.0+dfsg-0ubuntu5

3.13.0+dfsg-0ubuntu5.1

3.13.0+dfsg-0ubuntu5.2

Ubuntu:22.04:LTS / opencryptoki

Package

Name: opencryptoki
Purl: pkg:deb/ubuntu/opencryptoki@3.17.0+dfsg+20220202.b40982e-0ubuntu1.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.16.0+dfsg-0ubuntu1

3.16.0+dfsg-0ubuntu2

3.16.0+dfsg-0ubuntu3

3.17.0+dfsg+20220202.b40982e-0ubuntu1

3.17.0+dfsg+20220202.b40982e-0ubuntu1.1

3.17.0+dfsg+20220202.b40982e-0ubuntu1.2

Ubuntu:24.04:LTS / opencryptoki

Package

Name: opencryptoki
Purl: pkg:deb/ubuntu/opencryptoki@3.23.0+dfsg-0ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.21.0+dfsg-0ubuntu1

3.21.0+dfsg-0ubuntu2

3.22.0+dfsg-0ubuntu1

3.23.0+dfsg-0ubuntu1

3.23.0+dfsg-0ubuntu2

3.23.0+dfsg-0ubuntu3

Ubuntu:25.04 / opencryptoki

Package

Name: opencryptoki
Purl: pkg:deb/ubuntu/opencryptoki@3.24.0+git20250128.0462717+dfsg-0ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.23.0+dfsg-0ubuntu4

3.24.0+dfsg-0ubuntu1

3.24.0+git20250128.0462717+dfsg-0ubuntu1