Vulnerabilities > Gnupg > Libgcrypt > 1.9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-06 | CVE-2021-40528 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
2021-06-08 | CVE-2021-33560 | Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. | 7.5 |
2021-01-29 | CVE-2021-3345 | Out-of-bounds Write vulnerability in multiple products _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. | 7.8 |