Home

CVE-2021-33560

Description

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.425

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2021:2156-1(SUSE Linux Enterprise Server 12-SP5 ) libgcrypt-debugsource-1.6.1-16.77.1.x86_64.rpmLinux
SUSE-SU-2021:2156-1(SUSE Linux Enterprise Server 12-SP5 ) libgcrypt20-1.6.1-16.77.1.x86_64.rpmLinux
SUSE-SU-2021:2156-1(SUSE Linux Enterprise Server 12-SP5 ) libgcrypt20-32bit-1.6.1-16.77.1.x86_64.rpmLinux
SUSE-SU-2021:2156-1(SUSE Linux Enterprise Server 12-SP5 ) libgcrypt20-debuginfo-1.6.1-16.77.1.x86_64.rpmLinux
SUSE-SU-2021:2156-1(SUSE Linux Enterprise Server 12-SP5 ) libgcrypt20-debuginfo-32bit-1.6.1-16.77.1.x86_64.rpmLinux
SUSE-SU-2021:2156-1(SUSE Linux Enterprise Server 12-SP5 ) libgcrypt20-hmac-1.6.1-16.77.1.x86_64.rpmLinux
SUSE-SU-2021:2156-1(SUSE Linux Enterprise Server 12-SP5 ) libgcrypt20-hmac-32bit-1.6.1-16.77.1.x86_64.rpmLinux
LGPL Crypto library (USN-5080-1) libgcrypt20_1.8.1-4ubuntu1.3_i386.debLinux
LGPL Crypto library (USN-5080-1) libgcrypt20_1.8.1-4ubuntu1.3_amd64.debLinux
LGPL Crypto library (USN-5080-1) libgcrypt20_1.8.5-5ubuntu1.1_i386.debLinux
LGPL Crypto library (USN-5080-1) libgcrypt20_1.8.5-5ubuntu1.1_amd64.debLinux
LGPL Crypto library (USN-5080-1) libgcrypt20_1.8.7-2ubuntu2.1_i386.debLinux
LGPL Crypto library (USN-5080-1) libgcrypt20_1.8.7-2ubuntu2.1_amd64.debLinux
Libgcrypt update (ELSA-2022-5311) libgcrypt-1.8.5-7.el8_6.i686.rpmLinux
Libgcrypt update (ELSA-2022-5311) libgcrypt-1.8.5-7.el8_6.x86_64.rpmLinux
Libgcrypt-devel update (ELSA-2022-5311) libgcrypt-devel-1.8.5-7.el8_6.i686.rpmLinux
Libgcrypt-devel update (ELSA-2022-5311) libgcrypt-devel-1.8.5-7.el8_6.x86_64.rpmLinux
libgcrypt security and bug fix update (RLSA-2021:4409) libgcrypt-1.8.5-6.el8.i686.rpmLinux
libgcrypt security and bug fix update (RLSA-2021:4409) libgcrypt-1.8.5-6.el8.x86_64.rpmLinux
libgcrypt security and bug fix update (RLSA-2021:4409) libgcrypt-devel-1.8.5-6.el8.i686.rpmLinux
libgcrypt security and bug fix update (RLSA-2021:4409) libgcrypt-devel-1.8.5-6.el8.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt20-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt-devel-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt20-hmac-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt20-32bit-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt-debugsource-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt20-debuginfo-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt20-hmac-32bit-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt-devel-debuginfo-1.8.2-8.39.1.x86_64.rpmLinux
SUSE-SU-2021:2157-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libgcrypt20-32bit-debuginfo-1.8.2-8.39.1.x86_64.rpmLinux
libgcrypt Security Update (ALAS-2022-1769) libgcrypt-1.5.3-14.amzn2.0.3.i686.rpmLinux
libgcrypt Security Update (ALAS-2022-1769) libgcrypt-1.5.3-14.amzn2.0.3.x86_64.rpmLinux
libgcrypt Security Update (ALAS-2022-1769) libgcrypt-devel-1.5.3-14.amzn2.0.3.x86_64.rpmLinux
Observable Discrepancy Vulnerability (CVE-2021-33560)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234