← volver
CVE-2021-3798

CVE-2021-3798

EPSS 0.3%CWE-200
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
23 ago 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
Productos afectados
n/a · opencryptoki