CVE-2021-3798 - AskarLabs CVE Database

CVE-2021-3798

Vendor N/A

Product opencryptoki

Weakness CWE-200 · Info exposure

Published August 23, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

Key dates

02Disclosure timeline

August 23, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-3798

Related vulnerabilities

04Related CVE

CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure CVE-2025-58277 CVE-2024-38749 WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability CVE-2018-13295 CVE-2024-7063 ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure