CVE-2023-36660 — CRITICAL (9.8)

Vulnerability Description

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nettle Project	Nettle	3.9

Related Weaknesses (CWE)

CWE-787

References

https://bugzilla.suse.com/show_bug.cgi?id=1212112Issue TrackingPatch
https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7Patch
https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514..Patch
https://security.gentoo.org/glsa/202401-24
https://bugzilla.suse.com/show_bug.cgi?id=1212112Issue TrackingPatch
https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7Patch
https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514..Patch
https://security.gentoo.org/glsa/202401-24

FAQ

What is CVE-2023-36660?

CVE-2023-36660 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.

How severe is CVE-2023-36660?

CVE-2023-36660 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-36660?

Check the references section above for vendor advisories and patch information. Affected products include: Nettle Project Nettle.