CVE-2016-6313: Sensitive Information Exposure in GnuPG

Severity: 5.3 MEDIUM (NVD)
EPSS: 3.2% (top 13.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 13
Latest update: May 14

Description

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: gnupg/libgcrypt 1.5.3 +9
NVD: gnupg/gnupg 1.4.14

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04

🔴 Vulnerability Details (3)

GHSA: GHSA-44wq-cf78-w397: The mixing functions in the random number generator in Libgcrypt before 1 (2022-05-14)
OSV: CVE-2016-6313: The mixing functions in the random number generator in Libgcrypt before 1 (2016-12-13)
CVEList: CVE-2016-6313: The mixing functions in the random number generator in Libgcrypt before 1 (2016-12-13)

📋 Vendor Advisories (4)

Ubuntu: GnuPG vulnerability (2016-08-18)
Ubuntu: Libgcrypt vulnerability (2016-08-18)
Red Hat: libgcrypt: PRNG output is predictable (2016-08-17)
Debian: CVE-2016-6313: gnupg1 - The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1... (2016)

💬 Community (4)

Bugzilla: CVE-2016-6313 mingw-libgcrypt: libgcrypt: PRNG output is predictable [epel-7] (2016-11-02)
Bugzilla: CVE-2016-6313 mingw-libgcrypt: libgcrypt: PRNG output is predictable [fedora-all] (2016-11-02)
Bugzilla: CVE-2016-6313 libgcrypt: PRNG output is predictable [fedora-all] (2016-08-18)
Bugzilla: CVE-2016-6313 libgcrypt: PRNG output is predictable (2016-08-11)