Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libgcrypt vulnerabilities and exploits
(subscribe to this query)
231
VMScore
CVE-2021-40528
The ElGamal implementation in Libgcrypt prior to 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's p...
Gnupg Libgcrypt
445
VMScore
CVE-2021-33560
Libgcrypt prior to 1.8.8 and 1.9.x prior to 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Gnupg Libgcrypt
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Communications Cloud Native Core Network Repository Function 1.14.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.9.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
1 Github repository
642
VMScore
CVE-2021-3345
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
Gnupg Libgcrypt 1.9.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
2 Github repositories
605
VMScore
CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68....
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 9.0
Redhat Enterprise Linux Server Aus 6.6
Siemens Ruggedcom Rox Mx5000 Firmware
Siemens Ruggedcom Rox Rx1400 Firmware
Siemens Ruggedcom Rox Rx1500 Firmware
Siemens Ruggedcom Rox Rx1501 Firmware
Siemens Ruggedcom Rox Rx1510 Firmware
Siemens Ruggedcom Rox Rx1511 Firmware
Siemens Ruggedcom Rox Rx1512 Firmware
Siemens Ruggedcom Rox Rx5000 Firmware
384
VMScore
CVE-2015-0837
The mpi_powm function in Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 allows malicious users to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
170
VMScore
CVE-2014-3591
Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate malicious users to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
231
VMScore
CVE-2019-13627
It exists that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.0
Opensuse Leap 15.1
Libgcrypt20 Project Libgcrypt20 1.6.3-2\\+deb8u4
Libgcrypt20 Project Libgcrypt20 1.7.6-2\\+deb9u3
Libgcrypt20 Project Libgcrypt20 1.8.4-5
1 Github repository
446
VMScore
CVE-2019-11729
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
383
VMScore
CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the ven...
Gnupg Libgcrypt 1.8.4
Opensuse Leap 15.0
384
VMScore
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Mozilla Network Security Services
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »