CVE-2021-40529 — Use of a Broken or Risky Cryptographic Algorithm in Mozilla Thunderbird

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 46.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Botan Project Botan Mozilla Thunderbird Debian Botan +1 more

Timeline

PublishedSep 6

Latest updateMay 24

Description

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/botan< botan 2.18.1+dfsg-3 (bookworm)

▶NVDmozilla/thunderbird< 91.12.0

▶Debianbotan_project/botan< 2.18.1+dfsg-3+1

▶NVDbotan_project/botan2.18.1

Also affects: Fedora 34, 35

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-f9qg-252f-g8cg: The ElGamal implementation in Botan through 2↗2022-05-24

▶

OSV

CVE-2021-40529: The ElGamal implementation in Botan through 2↗2021-09-06

▶

📋Vendor Advisories

Debian

CVE-2021-40529: botan - The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and o...↗2021

▶