Launchpad CVE tracker

CVE 2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Related bugs and status

CVE-2021-33560 (Candidate) is related to these bugs:

Bug #1974277: Please merge libgcrypt20 1.10.1-2 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1974277	Please merge libgcrypt20 1.10.1-2 (main) from Debian unstable (main)		libgcrypt20 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://dev.gnupg.org/...
MISC: https://dev.gnupg.org/...
MISC: https://dev.gnupg.org/...
MISC: https://dev.gnupg.org/...
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2021-24d4e06195
FEDORA: FEDORA-2021-31fdc84207
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
GENTOO: GLSA-202210-13

Launchpad.net

CVE 2021-33560

Related bugs and status

Related bugs

References