Lucene search
PRIOn knowledge basePRION:CVE-2021-40528HistorySep 06, 2021 - 7:15 p.m.
Cross site scripting
2021-09-0619:15:00
PRIOn knowledge base
www.prio-n.com
6
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
References
eprint.iacr.org/2021/923
git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320
ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
security.gentoo.org/glsa/202210-13
Related
cve
cve
CVE-2021-40528
2021-09-06 19:15:07
nessus
nessus
AlmaLinux 8 : libgcrypt (5311) (ALSA-2022:5311)
2022-07-21 00:00:00
EulerOS 2.0 SP10 : libgcrypt (EulerOS-SA-2022-1228)
2022-02-25 00:00:00
Oracle Linux 8 : libgcrypt (ELSA-2022-5311)
2022-07-01 00:00:00
osv
osv
CVE-2021-40528
2021-09-06 19:15:07
Moderate: libgcrypt security update
2022-06-28 10:51:57
libgcrypt20 - security update
2021-06-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2021-2914)
2021-12-31 00:00:00
Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2022-1404)
2022-04-13 00:00:00
Debian: Security Advisory (DLA-2691-1)
2021-06-25 00:00:00
almalinux
almalinux
Moderate: libgcrypt security update
2022-06-30 00:00:00
oraclelinux
oraclelinux
libgcrypt security update
2022-07-01 00:00:00
libgcrypt security update
2022-07-07 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a cross-configuration attack against OpenPGP (CVE-2021-40528)
2023-01-12 21:59:00
mageia
mageia
Updated libgcrypt packages fix security vulnerability
2021-09-29 20:22:22
veracode
veracode
Denial Of Service (DoS)
2021-09-08 13:25:34
cvelist
cvelist
CVE-2021-40528
2021-09-06 00:00:00
debiancve
debiancve
CVE-2021-40528
2021-09-06 19:15:07
rocky
rocky
libgcrypt security update
2022-06-28 10:51:57
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0124
2021-10-21 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0124
2021-11-05 00:00:00
Moderate Photon OS Security Update - PHSA-2022-0473
2022-02-18 00:00:00
redhat
redhat
(RHSA-2022:5311) Moderate: libgcrypt security update
2022-06-28 10:51:57
(RHSA-2022:5699) Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update
2022-07-28 14:39:39
(RHSA-2022:5704) Moderate: ACS 3.71 enhancement and security update
2022-07-25 21:38:29
redos
redos
ROS-20220125-15
2022-01-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2316
2023-12-26 11:51:16
alpinelinux
alpinelinux
CVE-2021-40528
2021-09-06 19:15:07
cbl_mariner
cbl_mariner
CVE-2021-40528 affecting package libgcrypt 1.8.7-3
2021-11-06 06:45:24
nvd
nvd
CVE-2021-40528
2021-09-06 19:15:07
redhatcve
redhatcve
CVE-2021-40528
2021-09-09 19:46:03
cloudfoundry
cloudfoundry
USN-5080-1: Libgcrypt vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
ubuntu
ubuntu
Libgcrypt vulnerabilities
2021-09-16 00:00:00
Libgcrypt vulnerabilities
2021-09-16 00:00:00
gentoo
gentoo
libgcrypt: Multiple Vulnerabilities
2022-10-31 00:00:00
ubuntucve
ubuntucve
CVE-2021-40528
2021-09-06 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00