Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnupg libgcrypt vulnerabilities and exploits
(subscribe to this query)
642
VMScore
CVE-2021-3345
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
Gnupg Libgcrypt 1.9.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
2 Github repositories
446
VMScore
CVE-2018-6829
cipher/elgamal.c in Libgcrypt up to and including 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows malicious users to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertex...
Gnupg Libgcrypt
445
VMScore
CVE-2021-33560
Libgcrypt prior to 1.8.8 and 1.9.x prior to 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Gnupg Libgcrypt
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Communications Cloud Native Core Network Repository Function 1.14.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.9.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
1 Github repository
445
VMScore
CVE-2017-0379
Libgcrypt prior to 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for malicious users to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
Gnupg Libgcrypt
Debian Debian Linux 9.0
384
VMScore
CVE-2015-0837
The mpi_powm function in Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 allows malicious users to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
384
VMScore
CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computatio...
Gnupg Libgcrypt
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the ven...
Gnupg Libgcrypt 1.8.4
Opensuse Leap 15.0
383
VMScore
CVE-2017-9526
In Libgcrypt prior to 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that con...
Gnupg Libgcrypt
231
VMScore
CVE-2021-40528
The ElGamal implementation in Libgcrypt prior to 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's p...
Gnupg Libgcrypt
188
VMScore
CVE-2014-5270
Libgcrypt prior to 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate malicious users to conduct key-extraction attacks by leveraging the ability to collect vo...
Gnupg Libgcrypt 1.5.0
Gnupg Libgcrypt 1.4.6
Gnupg Libgcrypt
Gnupg Libgcrypt 1.4.3
Gnupg Libgcrypt 1.4.0
Gnupg Libgcrypt 1.4.5
Gnupg Libgcrypt 1.4.4
Gnupg Libgcrypt 1.5.2
Gnupg Libgcrypt 1.5.1
Debian Debian Linux 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »