Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 918610

Summary: <dev-libs/nettle-3.9.1: OCB memory corruption
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: ajak, base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 14:12:50 UTC 
CVE-2023-36660 (https://bugzilla.suse.com/show_bug.cgi?id=1212112):

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.

https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-01-14 23:31:28 UTC 
Upon closer inspection, it seems this is the same issue as in bug 907673.

*** This bug has been marked as a duplicate of bug 907673 ***