Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-40528

Published: 6 September 2021

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Notes

AuthorNote
mdeslaur
The commits below reference CVE-2021-33560, but they appear to
actually be for this CVE, which was issued later. The original
CVE was switched later on to the exponent blinding issue
instead.

Priority

Medium

Cvss 3 Severity Score

5.9

Score breakdown

Status

Package Release Status
libgcrypt20
Launchpad, Ubuntu, Debian
impish
Released (1.8.7-5ubuntu2)
jammy
Released (1.8.7-5ubuntu2)
trusty Does not exist

upstream
Released (1.9.4-2)
bionic
Released (1.8.1-4ubuntu1.3)
focal
Released (1.8.5-5ubuntu1.1)
hirsute
Released (1.8.7-2ubuntu2.1)
xenial
Released (1.6.5-2ubuntu0.6+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
kinetic
Released (1.8.7-5ubuntu2)
lunar
Released (1.8.7-5ubuntu2)
Patches:
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9x)
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8x)

Severity score breakdown

Parameter Value
Base score 5.9
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N