Re: ANNOUNCE: Serious bug in Nettle's ecdsa_verify - Critical Confirmation

2021-12-06 Thread Niels Möller
"Jayakumar, Jaikanth" writes:

> There is a small confusion, I believe the bug reported here
> (https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html)
> is related to CVE-2021-20305, right ? and this (CVE-2021-20305) is
> fixed in version 3.7.2.

Which *two* problems are you asking

ANNOUNCE: Serious bug in Nettle's ecdsa_verify

2021-03-16 Thread Niels Möller
I've been made aware of a bug in Nettle's code to verify ECDSA signatures. Certain signatures result in the ecc point multiply function being called with out-of-range scalars, which may give incorrect results, or crash in an assertion failure. It's an old bug, probably since Nettle's initial