[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Regarding CVE-2021-3580

From: Mishra, Milind
Subject: Re: [libmicrohttpd] Regarding CVE-2021-3580
Date: Fri, 15 Jul 2022 05:25:03 +0000

Thanks a lot for that update.


Internal Use - Confidential

-----Original Message-----
From: libmicrohttpd <> On 
Behalf Of Christian Grothoff
Sent: Thursday, July 14, 2022 10:25 PM
Subject: Re: [libmicrohttpd] Regarding CVE-2021-3580


On 7/14/22 15:09, Mishra, Milind via libmicrohttpd wrote:
> Hello,
> The project I work on uses This library in turn is 
> dependent on
> As per CVE-2021-3580
> <
> 1-3580.html__;!!LpKI!hKkB5hf3K8RDOjQsgFtRKZGD3N3tbjAj3BZX6wfe4jTG_yrs6ONJhu7DxJ3G4GxEQupfN6DYBVzbP7ljwsXy$
>  [suse[.]com]> there was a security flaw in libnettle6 - 3.4.1-4.15.1 which 
> was fixed in 3.4.1-4.18.1.
> Have the fixes in version 3.4.1-4.18.1 incorporated any changes that 
> might impact the working of

If you are statically linked against libnettle *and* have enabled RSA key 
transport in your TLS configuration, then you may need to re-link GNU 
libmicrohttpd. If you are dynamically linked, simply updating the 
dependency should be completely sufficient.

Note that GNU libmicrohttpd doesn't directly use GNU nettle, we only use it via 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]