CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8805

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2015-8805

Nettle Project » Nettle » Version: N/A

cpe:2.3:a:nettle_project:nettle:-
Nettle Project » Nettle » Version: 2.0

cpe:2.3:a:nettle_project:nettle:2.0
Nettle Project » Nettle » Version: 2.1

cpe:2.3:a:nettle_project:nettle:2.1
Nettle Project » Nettle » Version: 2.2

cpe:2.3:a:nettle_project:nettle:2.2
Nettle Project » Nettle » Version: 2.3

cpe:2.3:a:nettle_project:nettle:2.3
Nettle Project » Nettle » Version: 2.4

cpe:2.3:a:nettle_project:nettle:2.4
Nettle Project » Nettle » Version: 2.5

cpe:2.3:a:nettle_project:nettle:2.5
Nettle Project » Nettle » Version: 2.6

cpe:2.3:a:nettle_project:nettle:2.6
Nettle Project » Nettle » Version: 2.7

cpe:2.3:a:nettle_project:nettle:2.7
Nettle Project » Nettle » Version: 3.0

cpe:2.3:a:nettle_project:nettle:3.0
Nettle Project » Nettle » Version: 3.1

cpe:2.3:a:nettle_project:nettle:3.1
Nettle Project » Nettle » Version: 3.1.1

cpe:2.3:a:nettle_project:nettle:3.1.1
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 15.10

cpe:2.3:o:canonical:ubuntu_linux:15.10
Opensuse » Leap » Version: 42.1

cpe:2.3:o:opensuse:leap:42.1
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1
Opensuse » Opensuse » Version: 13.2

cpe:2.3:o:opensuse:opensuse:13.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8805

Products

Pricing

Contact Us