Описание
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libgcrypt20 | fixed | 1.9.4-2 | package | |
| libgcrypt20 | no-dsa | bullseye | package | |
| libgcrypt20 | no-dsa | buster | package | |
| libgcrypt20 | no-dsa | stretch | package |
Примечания
https://eprint.iacr.org/2021/923
https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x)
Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and
CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding
hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on
a query).
Связанные уязвимости
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
