Search for packages
| purl | pkg:deb/ubuntu/libgcrypt20@1.8.4-5ubuntu2.1 |
| Next non-vulnerable version | 1.8.5-5ubuntu1.1 |
| Latest non-vulnerable version | 1.8.5-5ubuntu1.1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6546-cx94-aaah
Aliases: CVE-2021-33560 |
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. |
Affected by 0 other vulnerabilities. |
|
VCID-tegv-r6ak-aaaa
Aliases: CVE-2021-40528 |
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
Affected by 0 other vulnerabilities. |
|
VCID-zyrm-1dsx-aaab
Aliases: CVE-2021-3345 |
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2z7d-8u2h-aaaa | It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
CVE-2019-13627
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|