- Ciphertext of length zero and larger than the key's modulus crashes Nettle < 3.7.2. See CVE-2021-3580.