{
  "threat_severity" : "Moderate",
  "public_date" : "2023-06-26T00:00:00Z",
  "bugzilla" : {
    "description" : "nettle: Memory corruption in OCB handling",
    "id" : "2217430",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2217430"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-119",
  "details" : [ "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.", "A vulnerability was found in Nettle. The issue occurs in the new Offset Code Book (OCB) code and may cause a denial of service or other problems, leading to memory corruption." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "nettle",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "nettle",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "nettle",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-36660\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36660\nhttps://lists.gnu.org/archive/html/info-gnu/2023-06/msg00000.html" ],
  "name" : "CVE-2023-36660",
  "csaw" : false
}