Описание
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
A flaw was found in libgcrypt. A heap-based buffer overflow in the block buffer management code may lead to memory corruption before any verification is made or signature is validated. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
No Red Hat products are affected by this flaw, as the vulnerable version of libgcrypt (1.9.0) has not been shipped in any products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libgcrypt | Not affected | ||
| Red Hat Enterprise Linux 7 | libgcrypt | Not affected | ||
| Red Hat Enterprise Linux 8 | libgcrypt | Not affected | ||
| Red Hat Enterprise Linux 9 | libgcrypt | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value.
Уязвимость функции _gcry_md_block_write (cipher / hash-common.c) криптографической библиотеки Libgcrypt, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3