CVE-2021-40530 — Use of a Broken or Risky Cryptographic Algorithm in Crypto

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 51.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libcrypto Cryptopp Crypto Fedoraproject Fedora

Timeline

PublishedSep 6

Latest updateMay 24

Description

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libcrypto< libcrypto++ 8.6.0-1 (bookworm)

▶NVDcryptopp/crypto8.5

Also affects: Fedora 33, 34, 35

🔴Vulnerability Details

GHSA

GHSA-p3r9-6fhw-hgv8: The ElGamal implementation in Crypto++ through 8↗2022-05-24

▶

OSV

CVE-2021-40530: The ElGamal implementation in Crypto++ through 8↗2021-09-06

▶

📋Vendor Advisories

Debian

CVE-2021-40530: libcrypto++ - The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery bec...↗2021

▶