Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:gnupg:libgcrypt:1.8.6:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-40528 |
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. Published: September 06, 2021; 3:15:07 PM -0400 |
V3.1: 5.9 MEDIUM V2.0: 2.6 LOW |
CVE-2021-33560 |
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. Published: June 08, 2021; 7:15:07 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |