UBUNTU-CVE-2021-3798
- Source
- https://ubuntu.com/security/CVE-2021-3798
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-3798.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-3798
- Upstream
- Published
- 2022-08-23T16:15:00Z
- Modified
- 2026-01-20T17:17:33.541452Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
- References
Affected packages
Ubuntu:16.04:LTS
opencryptoki
Package
- Name
- opencryptoki
- Purl
- pkg:deb/ubuntu/opencryptoki@3.4.1+dfsg-1ubuntu4.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.3.1+dfsg-3ubuntu5
3.*
3.4.1+dfsg-1ubuntu1
3.4.1+dfsg-1ubuntu2
3.4.1+dfsg-1ubuntu3
3.4.1+dfsg-1ubuntu4
3.4.1+dfsg-1ubuntu4.1
Ubuntu:18.04:LTS
opencryptoki
Package
- Name
- opencryptoki
- Purl
- pkg:deb/ubuntu/opencryptoki@3.9.0+dfsg-0ubuntu1.4?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.7.0+dfsg-4
3.8.1+dfsg-2
3.8.1+dfsg-3
3.8.2+dfsg-0ubuntu1
3.9.0+dfsg-0ubuntu1
3.9.0+dfsg-0ubuntu1.1
3.9.0+dfsg-0ubuntu1.2
3.9.0+dfsg-0ubuntu1.3
3.9.0+dfsg-0ubuntu1.4
Ubuntu:20.04:LTS
opencryptoki
Package
- Name
- opencryptoki
- Purl
- pkg:deb/ubuntu/opencryptoki@3.13.0+dfsg-0ubuntu5.2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.11.1+dfsg-0ubuntu2
3.11.1+dfsg-0ubuntu3
3.12.1+dfsg-0ubuntu1
3.13.0+dfsg-0ubuntu4
3.13.0+dfsg-0ubuntu5
3.13.0+dfsg-0ubuntu5.1
3.13.0+dfsg-0ubuntu5.2
Ubuntu:22.04:LTS
opencryptoki
Package
- Name
- opencryptoki
- Purl
- pkg:deb/ubuntu/opencryptoki@3.17.0+dfsg+20220202.b40982e-0ubuntu1.2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.16.0+dfsg-0ubuntu1
3.16.0+dfsg-0ubuntu2
3.16.0+dfsg-0ubuntu3
3.17.0+dfsg+20220202.b40982e-0ubuntu1
3.17.0+dfsg+20220202.b40982e-0ubuntu1.1
3.17.0+dfsg+20220202.b40982e-0ubuntu1.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libopencryptoki-dev",
"binary_version": "3.17.0+dfsg+20220202.b40982e-0ubuntu1.2"
},
{
"binary_name": "libopencryptoki0",
"binary_version": "3.17.0+dfsg+20220202.b40982e-0ubuntu1.2"
},
{
"binary_name": "opencryptoki",
"binary_version": "3.17.0+dfsg+20220202.b40982e-0ubuntu1.2"
}
]
}Ubuntu:24.04:LTS
opencryptoki
Package
- Name
- opencryptoki
- Purl
- pkg:deb/ubuntu/opencryptoki@3.23.0+dfsg-0ubuntu3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.21.0+dfsg-0ubuntu1
3.21.0+dfsg-0ubuntu2
3.22.0+dfsg-0ubuntu1
3.23.0+dfsg-0ubuntu1
3.23.0+dfsg-0ubuntu2
3.23.0+dfsg-0ubuntu3
Ubuntu:25.10
opencryptoki
Package
- Name
- opencryptoki
- Purl
- pkg:deb/ubuntu/opencryptoki@3.25.0+dfsg-0ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected