Libgcrypt Gnupg Libgcrypt

Do you want an email whenever new security vulnerabilities are reported in Gnupg Libgcrypt?

By the Year

In 2022 there have been 0 vulnerabilities in Gnupg Libgcrypt . Last year Libgcrypt had 3 security vulnerabilities published. Right now, Libgcrypt is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 3 7.07
2020 0 0.00
2019 1 5.90
2018 2 6.10

It may take a day or so for new Libgcrypt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Gnupg Libgcrypt Security Vulnerabilities

The ElGamal implementation in Libgcrypt before 1.9.4

CVE-2021-40528 5.9 - Medium - September 06, 2021

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Use of a Broken or Risky Cryptographic Algorithm

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption

CVE-2021-33560 7.5 - High - June 08, 2021

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Side Channel Attack

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value

CVE-2021-3345 7.8 - High - January 29, 2021

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

Memory Corruption

** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack

CVE-2019-12904 5.9 - Medium - June 20, 2019

** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack.

Cryptographic Issues

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures

CVE-2018-0495 4.7 - Medium - June 13, 2018

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Side Channel Attack

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which

CVE-2018-6829 7.5 - High - February 07, 2018

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Use of a Broken or Risky Cryptographic Algorithm

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Gnupg Libgcrypt or by Gnupg? Click the Watch button to subscribe.

Gnupg
Vendor

subscribe