Описание
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Ссылки
- Technical DescriptionThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Technical DescriptionThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
5.9 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
Связанные уязвимости
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...
EPSS
5.9 Medium
CVSS3
2.6 Low
CVSS2