CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40528 – libgcrypt: ElGamal implementation allows plaintext recovery
https://notcve.org/view.php?id=CVE-2021-40528
06 Sep 2021 — The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. Una implementación de ElGamal en Libgcrypt versiones anteriores a 1.9.4, permite una recuperación de texto plano porque, durante la intera... • https://eprint.iacr.org/2021/923 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2021-33560 – libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
https://notcve.org/view.php?id=CVE-2021-33560
08 Jun 2021 — Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. Libgcrypt versiones anteriores a 1.8.8 y versiones 1.9.x anteriores a 1.9.3, maneja inapropiadamente el cifrado de ElGamal porque carece de cegado de exponentes para hacer frente a un ataque de canal lateral contra la función mpi_powm, y el tamaño... • https://github.com/IBM/PGP-client-checker-CVE-2021-33560 • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 2CVE-2021-3345
https://notcve.org/view.php?id=CVE-2021-3345
29 Jan 2021 — _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. La función _gcry_md_block_write en el archivo cipher/hash-common.c en la versión 1.9.0 de Libgcrypt tiene un desbordamiento de búfer basado en la pila cuando la función final del resumen establece un valor de recuento grande. Se recomienda actualizar a la versión 1.9.1 o posterior. • https://github.com/MLGRadish/CVE-2021-3345 • CWE-787: Out-of-bounds Write •