GnuPG Libgcrypt 1.8.4

CPE Details

2019-02-19
15h45 +00:00

CPE Name: cpe:2.3:a:gnupg:libgcrypt:1.8.4:*:*:*:*:*:*:*

Information

Vendor

gnupg

Product

libgcrypt

Version

1.8.4

Related CVE

CVE ID: CVE-2021-40528
Published: 2021-09-05 22h00 +00:00
Description: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Score: 5.9
Severity: Medium

CVE ID: CVE-2021-33560
Published: 2021-06-07 22h00 +00:00
Description: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Score: 7.5
Severity: High

CVE ID: CVE-2019-12904
Published: 2019-06-19 21h34 +00:00
Description: In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
Score: 5.9
Severity: Medium