CVE-2021-3345

Vulnerability

A heap-based buffer overflow exists in _gcry_md_block_write in cipher/hash-common.c of Libgcrypt version 1.9.0. The bug was introduced during development about two years ago and only affects this single released version (1.9.0, published 2021-01-19). The vulnerability occurs when the digest final function sets an unexpectedly large count value, causing an incorrect assumption in the block buffer management code [1][3][4].

Exploitation

An attacker can exploit this vulnerability by supplying crafted data for decryption. No verification or signature validation is required before the overflow is triggered; just decrypting the malicious data is sufficient. The heap overflow writes attacker-controlled data past the allocated buffer. The exploit is described as simple and straightforward [1][4].

Impact

Successful exploitation yields a heap buffer overflow that can be used to overwrite adjacent heap memory with attacker-controlled data. This can lead to arbitrary code execution in the context of the process using Libgcrypt, potentially compromising the confidentiality, integrity, and availability of the affected system [1][4].

Mitigation

Users must immediately upgrade to Libgcrypt 1.9.1, released on 2021-01-29, which contains the fix. The previous version, 1.9.0, has been removed from the official FTP server to prevent accidental use. Maintainers of affected distributions (e.g., Fedora 34, Gentoo) have been advised to mask or update the package [1][3][4].