Lucene search

[email protected]CVE-2021-33560

HistoryJun 08, 2021 - 11:15 a.m.

CVE-2021-33560

2021-06-0811:15:00

CWE-203

[email protected]

web.nvd.nist.gov

354

libgcrypt

cve-2021-33560

elgamal encryption

exponent blinding

side-channel attack

openpgp

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.7%

JSON

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

CPENameOperatorVersion
gnupg:libgcryptgnupg libgcryptlt1.9.3
gnupg:libgcryptgnupg libgcryptlt1.8.8
debian:debian_linuxdebian debian linuxeq9.0
fedoraproject:fedorafedoraproject fedoraeq33
fedoraproject:fedorafedoraproject fedoraeq34
oracle:communications_cloud_native_core_network_repository_functionoracle communications cloud native core network repository functioneq1.14.0
oracle:communications_cloud_native_core_network_function_cloud_native_environmentoracle communications cloud native core network function cloud native environmenteq1.9.0
oracle:communications_cloud_native_core_network_slice_selection_functionoracle communications cloud native core network slice selection functioneq1.8.0
oracle:communications_cloud_native_core_network_repository_functionoracle communications cloud native core network repository functioneq1.15.0
oracle:communications_cloud_native_core_network_function_cloud_native_environmentoracle communications cloud native core network function cloud native environmenteq1.10.0

CPE	Name	Operator	Version
gnupg:libgcrypt	gnupg libgcrypt	lt	1.9.3
gnupg:libgcrypt	gnupg libgcrypt	lt	1.8.8
debian:debian_linux	debian debian linux	eq	9.0
fedoraproject:fedora	fedoraproject fedora	eq	33
fedoraproject:fedora	fedoraproject fedora	eq	34
oracle:communications_cloud_native_core_network_repository_function	oracle communications cloud native core network repository function	eq	1.14.0
oracle:communications_cloud_native_core_network_function_cloud_native_environment	oracle communications cloud native core network function cloud native environment	eq	1.9.0
oracle:communications_cloud_native_core_network_slice_selection_function	oracle communications cloud native core network slice selection function	eq	1.8.0
oracle:communications_cloud_native_core_network_repository_function	oracle communications cloud native core network repository function	eq	1.15.0
oracle:communications_cloud_native_core_network_function_cloud_native_environment	oracle communications cloud native core network function cloud native environment	eq	1.10.0