CVE-2021-40528

Опубликовано: 06 сент. 2021

Источник: ubuntu

Приоритет: medium

CVSS2: 2.6

CVSS3: 5.9

Описание

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Релиз	Статус	Примечание
bionic	released	1.8.1-4ubuntu1.3
devel	released	1.8.7-5ubuntu2
esm-infra-legacy/trusty	DNE
esm-infra/bionic	released	1.8.1-4ubuntu1.3
esm-infra/focal	released	1.8.5-5ubuntu1.1
esm-infra/xenial	released	1.6.5-2ubuntu0.6+esm1
fips-preview/jammy	released	1.8.7-5ubuntu2
fips-updates/bionic	released	1.8.1-4ubuntu1.fips.3
fips-updates/focal	released	1.8.5-5ubuntu1.fips.1.1
fips-updates/jammy	released	1.8.7-5ubuntu2

Показывать по

Ссылки на источники

2.6 Low

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2021-40528

CVSS3: 5.9

redhat

больше 4 лет назад

CVE-2021-40528

CVSS3: 5.9

nvd

больше 4 лет назад

CVE-2021-40528

CVSS3: 5.9

msrc

больше 4 лет назад

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because during interaction between two cryptographic libraries a certain dangerous combination of the prime defined by the receiver's public key the generator defined by the receiver's public key and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

CVE-2021-40528

CVSS3: 5.9

debian

больше 4 лет назад

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...

RLSA-2022:5311

rocky

больше 3 лет назад

Moderate: libgcrypt security update

2.6 Low

CVSS2

5.9 Medium

CVSS3

CVE-2021-40528

Описание

Пакет libgcrypt20

Ссылки на источники

Связанные уязвимости