CVE-2021-40528 – libgcrypt: ElGamal implementation allows plaintext recovery
https://notcve.org/view.php?id=CVE-2021-40528
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. Una implementación de ElGamal en Libgcrypt versiones anteriores a 1.9.4, permite una recuperación de texto plano porque, durante la interacción entre dos bibliotecas criptográficas, una determinada combinación peligrosa del primo definido por la clave pública del receptor, el generador definido por la clave pública del receptor y los exponentes efímeros del emisor puede conllevar a un ataque de configuración cruzada contra OpenPGP. A flaw was found in libgcrypt's ElGamal implementation, where it allows plain text recovery. During the interaction between two cryptographic libraries, a certain combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. The highest threat from this vulnerability is to confidentiality. • https://eprint.iacr.org/2021/923 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320 https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 https://security.gentoo.org/glsa/202210-13 https://access.redhat.com/security/cve/CVE-2021-40528 https://bugzilla.redhat.com/show_bug.cgi?id=2002816 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-33560 – libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
https://notcve.org/view.php?id=CVE-2021-33560
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. Libgcrypt versiones anteriores a 1.8.8 y versiones 1.9.x anteriores a 1.9.3, maneja inapropiadamente el cifrado de ElGamal porque carece de cegado de exponentes para hacer frente a un ataque de canal lateral contra la función mpi_powm, y el tamaño de la ventana no se elige apropiadamente. Esto, por ejemplo, afecta el uso de ElGamal en OpenPGP. A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. • https://github.com/IBM/PGP-client-checker-CVE-2021-33560 https://dev.gnupg.org/T5305 https://dev.gnupg.org/T5328 https://dev.gnupg.org/T5466 https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61 https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-3345
https://notcve.org/view.php?id=CVE-2021-3345
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. La función _gcry_md_block_write en el archivo cipher/hash-common.c en la versión 1.9.0 de Libgcrypt tiene un desbordamiento de búfer basado en la pila cuando la función final del resumen establece un valor de recuento grande. Se recomienda actualizar a la versión 1.9.1 o posterior. • https://github.com/MLGRadish/CVE-2021-3345 https://github.com/SpiralBL0CK/CVE-2021-3345 https://bugs.gentoo.org/show_bug.cgi?id=767814 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08 https://gnupg.org https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html https://www.oracle.com//security-alerts/cpujul2021.html • CWE-787: Out-of-bounds Write •
CVE-2019-12904
https://notcve.org/view.php?id=CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack ** EN DISPUTA ** En Libgcrypt versión 1.8.4, la implementación en C de AES es vulnerable a un ataque de canal lateral de descarga y recarga porque las direcciones físicas están disponibles para otros procesos. (La implementación en C se usa en plataformas donde una implementación en lenguaje ensamblador no está disponible). NOTA: la posición del vendedor es que el informe de emisión no puede ser validado porque no hay descripción de un ataque • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html https://dev.gnupg.org/T4541 https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020 https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2018-0495 – ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
https://notcve.org/view.php?id=CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Libgcrypt en versiones anteriores a la 1.7.10 y versiones 1.8.x anteriores a la 1.8.3 permite un ataque de canal lateral por caché de memoria en las firmas ECDSA que se puede mitigar mediante el uso de la ocultación durante el proceso de firmado en la función _gcry_ecc_ecdsa_sign en cipher/ecc-ecdsa.c. Esto también se conoce como Return Of the Hidden Number Problem o ROHNP. Para descubrir una clave ECDSA, el atacante necesita acceso a la máquina local o a una máquina virtual diferente en el mismo host físico. • http://www.securitytracker.com/id/1041144 http://www.securitytracker.com/id/1041147 https://access.redhat.com/errata/RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:2237 https://dev.gnupg.org/T4011 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •