Denial Of Service (DoS)

2021-09-0813:25:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

57.7%

JSON

libgcrypt20:sid is vulnerable to denial of service. The ElGamal implementation in Libgcrypt allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver’s public key, the generator defined by the receiver’s public key, and the sender’s ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

CPENameOperatorVersion
libgcrypt20:sideq1.8.7-2
libgcrypt:3.11eq1.8.8-r0
libgcrypt:3.11eq1.8.5-r0
libgcrypt:3.13eq1.8.8-r0
libgcrypt:3.13eq1.8.7-r0
libgcrypt:3.12eq1.8.8-r0
libgcrypt:3.12eq1.8.5-r0
libgcrypt20:develeq1.8.7-5ubuntu1
libgcrypt20:develeq1.8.7-2ubuntu2
libgcrypt20:develeq1.8.5-5ubuntu2

Name	Operator	Version
libgcrypt20:sid	eq	1.8.7-2
libgcrypt:3.11	eq	1.8.8-r0
libgcrypt:3.11	eq	1.8.5-r0
libgcrypt:3.13	eq	1.8.8-r0
libgcrypt:3.13	eq	1.8.7-r0
libgcrypt:3.12	eq	1.8.8-r0
libgcrypt:3.12	eq	1.8.5-r0
libgcrypt20:devel	eq	1.8.7-5ubuntu1
libgcrypt20:devel	eq	1.8.7-2ubuntu2
libgcrypt20:devel	eq	1.8.5-5ubuntu2