Vulnerability Details CVE-2023-36660
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.5%
CVSS Severity
CVSS v3 Score 9.8
References
- https://bugzilla.suse.com/show_bug.cgi?id=1212112
- https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f
- https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601
- https://security.gentoo.org/glsa/202401-24
- https://bugzilla.suse.com/show_bug.cgi?id=1212112
- https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f
- https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601
- https://security.gentoo.org/glsa/202401-24
Products affected by CVE-2023-36660
-
cpe:2.3:a:nettle_project:nettle:3.9