Medium severity 5.3 · NVD Advisory · Published Dec 13, 2016 · Updated Jun 17, 2026
CVE-2016-6313
Description
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
Affected products (25)
cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:* + 9 more
- cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:* range: <=1.5.3
- cpe:2.3:a:gnupg:libgcrypt:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.7.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* + 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- Range: <1.5.6, <1.6.6, <1.7.3
- osv-coords (8 versions):
  - pkg:rpm/opensuse/libgcrypt&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 1.7.3-1.3 + 7 more
- (no CPE) range: < 1.7.3-1.3
- (no CPE) range: < 1.6.1-16.33.1
- (no CPE) range: < 1.5.0-0.22.1
- (no CPE) range: < 1.6.1-16.33.1
- (no CPE) range: < 1.5.0-0.22.1
- (no CPE) range: < 1.6.1-16.33.1
- (no CPE) range: < 1.5.0-0.22.1
- (no CPE) range: < 1.6.1-16.33.1
References (10)
- www.debian.org/security/2016/dsa-3649 (nvd; Third Party Advisory)
- www.debian.org/security/2016/dsa-3650 (nvd; Third Party Advisory)
- www.securityfocus.com/bid/92527 (nvd; Third Party Advisory; VDB Entry)
- www.ubuntu.com/usn/USN-3064-1 (nvd; Third Party Advisory)
- www.ubuntu.com/usn/USN-3065-1 (nvd; Third Party Advisory)
- lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html (nvd; Mailing List; Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2016-2674.html (nvd)
- www.securitytracker.com/id/1036635 (nvd)
- security.gentoo.org/glsa/201610-04 (nvd)
- security.gentoo.org/glsa/201612-01 (nvd)