How severe is CVE-2021-20305?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-20305?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2021-20305 - HIGH Severity | CVSS 8.1

Vulnerability Description

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Related Vulnerabilities

CVE-2018-7211

HIGH

CVSS:8.1(High)

An issue was discovered in iDashboards 9.6b. The SSO implementation is affected by a weak obfuscation library, allowing man-in-the-middle attackers to discover credentials.

CWE-3272018

CVE-2019-12587

HIGH

CVSS:8.1(High)

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any E...

CWE-3272019

CVE-2019-1828

HIGH

CVSS:8.1(High)

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative cred...

CWE-3272019

CVE-2019-18832

HIGH

CVSS:8.1(High)

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encrypt...

CWE-3272019

CVE-2020-25694

HIGH

CVSS:8.1(High)

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only...

CWE-3272020

CVE-2020-5229

HIGH

CVSS:8.1(High)

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causin...

CWE-3272020