{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-36660", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T16:52:54.103Z", "dateReserved": "2023-06-25T00:00:00", "datePublished": "2023-06-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-16T15:06:20.765752"}, "descriptions": [{"lang": "en", "value": "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1212112"}, {"url": "https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f"}, {"url": "https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601"}, {"name": "GLSA-202401-24", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202401-24"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.103Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1212112", "tags": ["x_transferred"]}, {"url": "https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f", "tags": ["x_transferred"]}, {"url": "https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601", "tags": ["x_transferred"]}, {"name": "GLSA-202401-24", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202401-24"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nettle_project:nettle:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "315BCEC0-1D36-4DAC-99D3-652EB144BC13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption."}], "id": "CVE-2023-36660", "lastModified": "2024-01-16T15:15:08.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-25T22:15:21.337", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212112"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202401-24"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nettle: Memory corruption in OCB handling", "id": "2217430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217430"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.", "A vulnerability was found in Nettle. The issue occurs in the new Offset Code Book (OCB) code and may cause a denial of service or other problems, leading to memory corruption."], "name": "CVE-2023-36660", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "nettle", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nettle", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nettle", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-36660\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36660\nhttps://lists.gnu.org/archive/html/info-gnu/2023-06/msg00000.html"], "threat_severity": "Moderate"}