Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code (Security News, February 2021)
The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free, open-source cryptographic library.
An exploit would allow an attacker to write arbitrary data to a target machine and execute code.
The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0, which researchers said can be exploited by merely decrypting a block of data.
Libgcrypt is a general-purpose cryptographic library for developers to use when building applications, originally based on code from GNU Privacy Guard.
Cybercriminals also understand that code repositories and third-party libraries represent an attractive avenue for mounting a supply-chain-type attack by seeding them with malicious code.
In one example from last month, three malicious software packages were published to npm, a code repository for JavaScript developers to share and reuse code blocks.
News URL
https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/