CVE-2021-3345

Published: 29/01/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

Vulnerable Product

gnupg libgcrypt 1.9.0

oracle communications billing and revenue management 12.0.0.3.0

Vendor Advisories

Debian Bug report logs - #981370 libgcrypt20: CVE-2021-3345: Exploitable heap-based buffer overflow (Only relevant for Debian/experimental). Package: libgcrypt20; Maintainer for libgcrypt20 is Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>; Source for libgcrypt20 is src:libgcrypt20 (PTS, buildd, popcon) ...
_gcry_md_block_write in cipher/hash-common.c in libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. Just decrypting some data can overflow a heap buffer with attacker-controlled data; no verification or signature is validated before the vulnerability occurs. The issue is fixed in version ...

Github Repositories

POC exploit of CVE-2021-3345, a vulnerability in libgcrypt version 1.9.0

CVE-2021-3345

How to build vulnerable libgcrypt:

    git clone --single-branch --branch LIBGCRYPT-1.9-BRANCH https://dev.gnupg.org/source/libgcrypt.git
    cd libgcrypt
    git checkout aa3f595341eb
    ./autogen.sh
    ./configure --enable-maintainer-mode && make

How to use exploit:

    make
    ./main

This vuln

Actual working exploit for CVE-2021-3345
