Launchpad.net

CVE 2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

Related bugs and status

CVE-2021-3798 (Candidate) is related to these bugs:

Bug #1928780: [UBUNTU 21.04] openCryptoki: Soft token does not check if an EC key is valid

		In	Importance	Status
1928780	[UBUNTU 21.04] openCryptoki: Soft token does not check if an EC key is valid	opencryptoki (Ubuntu)	Undecided	Fix Released
1928780	[UBUNTU 21.04] openCryptoki: Soft token does not check if an EC key is valid	Ubuntu on IBM z Systems	High	Fix Released
1928780	[UBUNTU 21.04] openCryptoki: Soft token does not check if an EC key is valid	opencryptoki (Ubuntu Hirsute)	Undecided	Fix Released
1928780	[UBUNTU 21.04] openCryptoki: Soft token does not check if an EC key is valid	opencryptoki (Ubuntu Impish)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-3798

Related bugs and status

Related bugs

References