Описание
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.8.1-4ubuntu1.3 |
| devel | released | 1.8.7-5ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 1.8.1-4ubuntu1.3 |
| esm-infra/focal | not-affected | 1.8.5-5ubuntu1.1 |
| esm-infra/xenial | released | 1.6.5-2ubuntu0.6+esm1 |
| fips-preview/jammy | released | 1.8.7-5ubuntu2 |
| fips-updates/bionic | released | 1.8.1-4ubuntu1.fips.3 |
| fips-updates/focal | released | 1.8.5-5ubuntu1.fips.1.1 |
| fips-updates/jammy | released | 1.8.7-5ubuntu2 |
Показывать по
Ссылки на источники
EPSS
2.6 Low
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...
EPSS
2.6 Low
CVSS2
5.9 Medium
CVSS3