CVE-2021-3580

7.5 HIGH

📋 TL;DR

CVE-2021-3580 is a vulnerability in nettle's RSA decryption functions: specially crafted ciphertext can crash the calling application, causing denial of service. It affects systems that use the nettle cryptographic library for RSA operations. Applications that process untrusted RSA ciphertext are vulnerable.

💻 Affected Systems

Products:
  • nettle cryptographic library
  • Applications using nettle for RSA operations
Versions: nettle versions before 3.7.3
Operating Systems: Linux distributions including Red Hat, Debian, Gentoo, and others using vulnerable nettle versions
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using nettle's RSA decryption functions (nettle_rsa_decrypt, nettle_rsa_decrypt_tr) with default configuration is vulnerable when processing untrusted ciphertext.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service for applications using nettle RSA decryption, potentially affecting critical services that rely on RSA operations for security.

🟠 Likely Case: Application crashes leading to service disruption when processing malicious RSA ciphertext, requiring restart of affected services.

🟢 If Mitigated: Minimal impact if systems are patched or don't process untrusted RSA ciphertext; isolated service restarts may be needed.

🌐 Internet-Facing: MEDIUM - Applications accepting RSA-encrypted data from untrusted sources could be targeted for DoS attacks.
🏢 Internal Only: LOW - Internal systems typically process trusted RSA ciphertext, reducing attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted RSA ciphertext to vulnerable applications; no authentication needed if application accepts external RSA-encrypted data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: nettle 3.7.3 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1967983

Restart Required: Yes

Instructions:

1. Update the nettle package to version 3.7.3 or later using your distribution's package manager.
2. Restart all applications using the nettle library.
3. For Red Hat systems: 'yum update nettle'. For Debian/Ubuntu: 'apt update && apt upgrade nettle'. For Gentoo: 'emerge --sync && emerge -av nettle'.

🔧 Temporary Workarounds

Input validation for RSA ciphertext

all

Implement strict validation of RSA ciphertext before passing to nettle decryption functions

Rate limiting RSA decryption operations

all

Limit the rate of RSA decryption operations to mitigate DoS impact

🧯 If You Can't Patch

  • Implement network filtering to block or limit RSA-encrypted traffic from untrusted sources
  • Deploy application-level monitoring and automatic restart mechanisms for services using nettle RSA decryption

🔍 How to Verify

Check if Vulnerable:

Check the nettle version: 'nettle-hash --version' or 'dpkg -l | grep nettle' or 'rpm -q nettle'. If the version is below 3.7.3, the system is vulnerable.

Check Version:

nettle-hash --version 2>/dev/null || dpkg -l 2>/dev/null | grep nettle || rpm -q nettle 2>/dev/null || echo 'nettle not found'

Verify Fix Applied:

Verify that the nettle version is 3.7.3 or later using the same commands, then test RSA decryption functionality in applications.
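
The commands above only print a version string. The following added example (not part of the original page or of the nettle project) extracts the version from that output and compares it with the fixed release 3.7.3. The function names and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Fixed upstream release named on this page.
FIXED="3.7.3"

# extract_version TEXT: print the first dotted numeric version found in TEXT.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B (numeric, per component).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        # A missing component counts as 0, so 3.7 < 3.7.3.
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# check_nettle TEXT: print "patched <ver>", "vulnerable <ver>" or "unknown".
# TEXT is the output of nettle-hash --version, dpkg -l or rpm -q.
check_nettle() {
    v=$(extract_version "$1") || v=""
    if [ -z "$v" ]; then
        echo "unknown"
        return 2
    fi
    if version_ge "$v" "$FIXED"; then
        echo "patched $v"
    else
        echo "vulnerable $v"
        return 1
    fi
}

# Constructed sample outputs (not captured from a real host).
for s in 'nettle-hash (nettle 3.7.3)' \
         'nettle-3.4.1-1.example.x86_64' \
         'package nettle is not installed'; do
    printf '%-34s -> %s\n' "$s" "$(check_nettle "$s")"
done
```

Distribution packages can carry backported fixes under an older upstream version number, so a "vulnerable" result for a packaged build should be confirmed against the distribution's own advisory.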

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults in processes using nettle RSA functions
  • High frequency of RSA decryption failures

Network Indicators:

  • Unusual patterns of RSA-encrypted traffic to vulnerable services
  • Multiple connection attempts with malformed cryptographic data

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "SIGSEGV") AND (process="*nettle*" OR "RSA decrypt")
