Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2021-40529

Published: 06/09/2021 Updated: 07/11/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Botan Project

Vulnerability Summary

The ElGamal implementation in Botan up to and including 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

botan project botan

fedoraproject fedora 34

fedoraproject fedora 35

mozilla thunderbird

Vendor Advisories

Debian CVElist Bug Report Logs: botan: CVE-2021-40529
Debian Bug report logs - #993840 botan: CVE-2021-40529 Package: src:botan; Maintainer for src:botan is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Sep 2021 06:27:02 UTC Severity: important Tags: security, upstream Found in version botan/2181+dfsg-2 ...
Arch Linux Issues:
The ElGamal implementation in Botan through 2181, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral ex ...

References

CWE-327https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2https://github.com/randombit/botan/pull/2790https://eprint.iacr.org/2021/923https://security.gentoo.org/glsa/202208-14https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPHGYWNJQKWLTUWBNSFB4F66MQDIL3IB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72NB4OLD3VHJC3YF3PEP2HKF6BYURPAO/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-40529
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute forceCVE-2024-24908open redirectCVE-2024-31497CVE-2023-45866CVE-2024-4135CVE-2024-25523cache poisoningCVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook