Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-p7s2-dsa1-17fn
Vulnerability ID VCID-p7s2-dsa1-17fn
Aliases CVE-2021-40528
Summary Multiple vulnerabilities have been found in libgcrypt, the worst of which could result in denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40528.json
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2021-40528
cvssv3.1 5.9 https://eprint.iacr.org/2021/923
ssvc Track https://eprint.iacr.org/2021/923
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.9 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320
ssvc Track https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320
cvssv3.1 5.9 https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
ssvc Track https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
cvssv3.1 5.9 https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
ssvc Track https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
cvssv3.1 5.9 https://security.gentoo.org/glsa/202210-13
ssvc Track https://security.gentoo.org/glsa/202210-13
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40528.json
https://api.first.org/data/v1/epss?cve=CVE-2021-40528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40528
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2002816 https://bugzilla.redhat.com/show_bug.cgi?id=2002816
923 https://eprint.iacr.org/2021/923
gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320
GLSA-202210-13 https://security.gentoo.org/glsa/202210-13
insecurity-elgamal-pt1 https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
insecurity-elgamal-pt2 https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
RHSA-2022:5311 https://access.redhat.com/errata/RHSA-2022:5311
USN-5080-1 https://usn.ubuntu.com/5080-1/
USN-5080-2 https://usn.ubuntu.com/5080-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40528.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://eprint.iacr.org/2021/923
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:12:20Z/ Found at https://eprint.iacr.org/2021/923
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:12:20Z/ Found at https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:12:20Z/ Found at https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:12:20Z/ Found at https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/202210-13
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:12:20Z/ Found at https://security.gentoo.org/glsa/202210-13
Exploit Prediction Scoring System (EPSS)
Percentile 0.26859
EPSS Score 0.00097
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:12:07.106602+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202210-13 38.0.0