
ANNOUNCE: Nettle-3.7.3

From: Niels Möller
Subject: ANNOUNCE: Nettle-3.7.3
Date: Mon, 07 Jun 2021 08:59:28 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

I've prepared a new bug-fix release of Nettle, a low-level
cryptographic library, to fix bugs in the RSA decryption functions. The
bugs cause crashes on certain invalid inputs, which could be used
for denial of service attacks on applications using these functions.
More details in the NEWS file below.

Upgrading is strongly recommended.

The Nettle home page can be found at, and the manual at

The release can be downloaded from


NEWS for the Nettle 3.7.3 release

        This is a bugfix release, fixing bugs that could make the RSA
        decryption functions crash on invalid inputs.

        Upgrading to the new version is strongly recommended. For
        applications that want to support older versions of Nettle,
        the bug can be worked around by adding a check that the RSA
        ciphertext is in the range 0 < ciphertext < n, before
        attempting to decrypt it.

        Thanks to Paul Schaub and Justus Winter for reporting these

        The new version is intended to be fully source and binary
        compatible with Nettle-3.6. The shared library names are and, with sonames and

        Bug fixes:

        * Fix crash for zero input to rsa_sec_decrypt and
          rsa_decrypt_tr. Potential denial of service vector.

        * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
          failure for out of range inputs, instead of either crashing,
          or silently reducing input modulo n. Potential denial of
          service vector.

        * Ensure that rsa_decrypt returns failure for out of range
          inputs, instead of silently reducing input modulo n.

        * Ensure that rsa_sec_decrypt returns failure if the message
          size is too large for the given key. Unlike the other bugs,
          this would typically be triggered by invalid local
          configuration, rather than by processing untrusted remote

Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
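The range check recommended above as a workaround for older Nettle versions, shown as an added example that is not part of the announcement or of Nettle's own code. It models the decryption over plain Python integers with a constructed toy key, so that the "silent reduction modulo n" behaviour and the zero-input case can be seen next to the checked variant; the function names and the tiny primes are assumptions for illustration only.

```python
# Added example (not Nettle's code): the "0 < ciphertext < n" check from the
# NEWS file, applied in front of a textbook RSA decryption over Python ints.

# Constructed toy key: p and q are tiny so every value is readable.
P, Q = 61, 53
N = P * Q                            # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))    # 2753, the private exponent


def ciphertext_in_range(c: int, n: int) -> bool:
    """The check the NEWS file recommends: 0 < ciphertext < n."""
    return 0 < c < n


def rsa_decrypt_unchecked(c: int, d: int, n: int) -> int:
    """Models the pre-3.7.3 behaviour for out-of-range input: modular
    exponentiation silently reduces c modulo n, so c and c + k*n decrypt
    to the same plaintext, and c == 0 is accepted as valid input."""
    return pow(c, d, n)


def rsa_decrypt_checked(c: int, d: int, n: int):
    """Application-side workaround: reject out-of-range ciphertext before
    handing it to the library. Returns None on failure, else the plaintext."""
    if not ciphertext_in_range(c, n):
        return None
    return pow(c, d, n)


def decrypt_bytes_checked(ciphertext: bytes, d: int, n: int):
    """Same check for a ciphertext received as big-endian bytes, the form an
    application usually holds before converting it for the library."""
    c = int.from_bytes(ciphertext, "big")
    return rsa_decrypt_checked(c, d, n)


if __name__ == "__main__":
    c = pow(65, E, N)                                   # encrypt m = 65
    print("in range   :", rsa_decrypt_checked(c, D, N))       # 65
    print("c + n      :", rsa_decrypt_checked(c + N, D, N))   # None
    print("zero input :", rsa_decrypt_checked(0, D, N))       # None
    print("unchecked c + n:", rsa_decrypt_unchecked(c + N, D, N))  # 65
```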
