Nettle x86_64/ecc-384-modp.asm Security Vulnerability (CVE-2015-8804)
Nettle x86_64/ecc-384-modp.asm Security Vulnerability (CVE-2015-8804)
Release date:
Updated on:
Affected Systems:
Nettle nettle> 3.2
Description:
CVE (CAN) ID: CVE-2015-8804
Nettle is a low-level encryption library.
In versions earlier than Nettle 3.2, x86_64/The ecc-384-modp.asm did not properly handle carry forward, and an incorrect output occurred in the P-384 NIST elliptic curve implementation, which could allow attackers to exploit this vulnerability to perform security attacks.
<* Source: Hanno B & #246; ck
*>
Suggestion:
Vendor patch:
Nettle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
This article permanently updates the link address: