CVE-2021-33560Observable Discrepancy in Libgcrypt

CWE-203Observable DiscrepancyCWE-325Missing Cryptographic StepCWE-327Use of a Broken or Risky Cryptographic Algorithm11 documents9 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 37.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Gnupg LibgcryptDebian LinuxFedoraproject Fedora+5 more
Timeline
PublishedJun 8
Latest updateMay 24

Description

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDgnupg/libgcrypt1.9.01.9.3+1

Also affects: Debian Linux 9.0, Fedora 33, 34

Patches

Patch: dev.gnupg.orgPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-g9p5-p7h5-p2wg: Libgcrypt before 12022-05-24
OSV
CVE-2021-33560: Libgcrypt before 12021-06-08
CVEList
CVE-2021-33560: Libgcrypt before 12021-06-08

📋Vendor Advisories

7
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (libgcrypt) — CVE-2021-335602022-01-15
Oracle
Oracle Oracle Communications Risk Matrix: Measurements (libgcrypt) — CVE-2021-335602021-10-15
Ubuntu
Libgcrypt vulnerabilities2021-09-16
Ubuntu
Libgcrypt vulnerabilities2021-09-16
Microsoft
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm and the window size is not chosen appro2021-06-08
CVE-2021-33560 — Observable Discrepancy in Libgcrypt | cvebase