Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
2021-02-01 16:59

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free, open-source cryptographic library.

An exploit would allow an attacker to write arbitrary data to a target machine and execute code.

The security vulnerability is a heap buffer overflow in Libgcrypt 1.9.0, which researchers said can be exploited by merely decrypting a block of data.

Libgcrypt is a general-purpose cryptographic library for developers to use when building applications, originally based on code from GNU Privacy Guard.

Cybercriminals understand that code repositories and third-party libraries represent an attractive avenue for mounting a supply-chain-type attack by seeding them with malicious code.

In one example from last month, three malicious software packages were published to npm, a code repository for JavaScript developers to share and reuse code blocks.


News URL

https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/