Multiple denial of service vulnerabilities have been discovered in Nettle.
|dev-libs/nettle on all architectures
Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.
Multiple vulnerabilities have been discovered in Nettle. Please review the CVE identifiers referenced below for details.
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
There is no known workaround at this time.
All Nettle users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nettle-3.9.1"