Multiple issues were found with Nettle's RSA decryption functions. These can be triggered by providing manipulated ciphertext and could lead to an application crash and denial of service. Since Nettle is used with GnuTLS, there is a possibility that a remote client could crash a server compiled with GnuTLS when RSA is used for the initial key exchange.
Created mingw-nettle tracking bugs for this issue:
Affects: fedora-all [bug 1969396]

Created nettle tracking bugs for this issue:
Affects: fedora-all [bug 1969395]
Upstream commits:
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4451 https://access.redhat.com/errata/RHSA-2021:4451
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-3580