CVE-2023-36660: Out-of-bounds Write

June 25, 2023 (updated January 16, 2024)

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.

References

bugzilla.suse.com/show_bug.cgi?id=1212112
git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f
git.lysator.liu.se/nettle/nettle/-/compare/nettle_3.9_release_20230514...nettle_3.9.1_release_20230601
nvd.nist.gov/vuln/detail/CVE-2023-36660

Code Behaviors & Features

Detect and mitigate CVE-2023-36660 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →