1009 matches found
CVE-2021-3345
gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
Heap overflow
gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
UBUNTU-CVE-2021-3345
gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
CVE-2021-3345
gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
CVE-2021-3345
The CVE-2021-3345 entry concerns Libgcrypt: the function gcry_md_block_write in cipher/hash-common.c on Libgcrypt 1.9.0 suffers a heap-based buffer overflow when the digest final function handles a large count. The identified remediation is to upgrade to Libgcrypt 1.9.1 or later. Impact details a...
CVE-2021-3345
gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later...
Libgcrypt Buffer Error Vulnerability
Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, public key algorithms, and more. Libgcrypt before...
[ASA-202101-45] libgcrypt: arbitrary code execution
Arch Linux Security Advisory ASA-202101-45. Severity: Critical; Date: 2021-01-29; CVE-ID: CVE-2021-3345; Package: libgcrypt; Type: arbitrary code execution; Remote: No; Link: https://security.archlinux.org/AVG-1505. Summary: The package libgcrypt...
Information Disclosure
Libgcrypt is vulnerable to information disclosure. An attacker who learns the EdDSA session key can recover the long-term secret key...
Security update for libssh2_org (moderate)
openSUSE Security Update: Security update for libssh2_org. Announcement ID: openSUSE-SU-2020:2129-1; Rating: moderate; References: 1130103 1178083; Cross-References: CVE-2019-17498 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862...
Oracle Linux 8 : libgcrypt (ELSA-2020-4482)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4482 advisory. 1.8.5-4: add PBKDF2 selftest for FIPS POST. 1.8.5-3: new upstream version 1.8.5; AES performance improvements backported from master branch; FIPS module is...
libgcrypt security, bug fix, and enhancement update
1.8.5-4: add PBKDF2 selftest for FIPS POST. 1.8.5-3: new upstream version 1.8.5; AES performance improvements backported from master branch; FIPS module is implicit with kernel FIPS flag; always run the FIPS selftests if FIPS module is installed...
libgcrypt: ECDSA timing attack allowing private key leak
A timing attack was found in the way ECDSA was implemented in libgcrypt. A man-in-the-middle attacker could use this attack during signature generation to recover the private key. This attack is only feasible when the attacker is local to the machine where the signature is being generated. Attac...
Moderate: Red Hat Security Advisory: libgcrypt security, bug fix, and enhancement update
An update for libgcrypt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 8 : libgcrypt (RHSA-2020:4482)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4482 advisory. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a...
RLSA-2020:4482 Moderate: libgcrypt security, bug fix, and enhancement update
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt 1.8.5. BZ1764918 Security Fixes: libgcrypt: ECDSA timing attack allowing private key leak CVE-2019-13627 For more...
Moderate: libgcrypt security, bug fix, and enhancement update
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt 1.8.5. BZ1764918 Security Fixes: libgcrypt: ECDSA timing attack allowing private key leak CVE-2019-13627 For more...
libgcrypt security, bug fix, and enhancement update
An update is available for libgcrypt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libgcrypt library provides general-purpose implementations of various...
Security Bulletin: Vulnerability in libgcrypt affects SmartCloud Entry (CVE-2016-6313)
Summary GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an error in the...
Huawei EulerOS: Security Advisory for nss-softokn (EulerOS-SA-2020-1754)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...