Gnupg Libgcrypt
By the Year
In 2024 there have been 0 vulnerabilities in Gnupg Libgcrypt . Libgcrypt did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 3 | 7.07 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 5.90 |
| 2018 | 2 | 6.10 |
It may take a day or so for new Libgcrypt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gnupg Libgcrypt Security Vulnerabilities
The ElGamal implementation in Libgcrypt before 1.9.4
CVE-2021-40528
5.9 - Medium
- September 06, 2021
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Use of a Broken or Risky Cryptographic Algorithm
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption
CVE-2021-33560
7.5 - High
- June 08, 2021
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Side Channel Attack
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value
CVE-2021-3345
7.8 - High
- January 29, 2021
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
Memory Corruption
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack
CVE-2019-12904
5.9 - Medium
- June 20, 2019
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
Exposure of Resource to Wrong Sphere
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures
CVE-2018-0495
4.7 - Medium
- June 13, 2018
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Side Channel Attack
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which
CVE-2018-6829
7.5 - High
- February 07, 2018
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Use of a Broken or Risky Cryptographic Algorithm
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gnupg Libgcrypt or by Gnupg? Click the Watch button to subscribe.
