GnuPG Libgcrypt 1.9.0

CPE Details

GnuPG Libgcrypt 1.9.0
gnupg
libgcrypt
1.9.0
2021-02-02
17h25 +00:00
2021-02-02
17h25 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnupg:libgcrypt:1.9.0:*:*:*:*:*:*:*

Informations

Vendor

gnupg

Product

libgcrypt

Version

1.9.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-40528 2021-09-05 22h00 +00:00 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
5.9
Medium
CVE-2021-33560 2021-06-07 22h00 +00:00 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
7.5
High
CVE-2021-3345 2021-01-29 13h20 +00:00 _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
7.8
High