CVE-2021-40528 – libgcrypt: ElGamal implementation allows plaintext recovery
https://notcve.org/view.php?id=CVE-2021-40528
06 Sep 2021 — The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Reference: https://eprint.iacr.org/2021/923
Weakness: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-33560 – libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
https://notcve.org/view.php?id=CVE-2021-33560
08 Jun 2021 — Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Reference: https://github.com/IBM/PGP-client-checker-CVE-2021-33560
Weaknesses: CWE-203: Observable Discrepancy; CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-12904
https://notcve.org/view.php?id=CVE-2019-12904
19 Jun 2019 — ** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack.
Reference: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html
Weakness: CWE-668: Exposure of Resource to Wrong Sphere