CVE-2021-33560
Description
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 lacks exponent blinding in ElGamal encryption, enabling side-channel attacks on mpi_powm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Libgcrypt's ElGamal encryption implementation in versions before 1.8.8 and 1.9.x before 1.9.3 mishandles exponent blinding, leaving the mpi_powm operation vulnerable to side-channel attacks. Additionally, the window size is not chosen appropriately. This affects use of ElGamal in OpenPGP [1][4].
Exploitation
An attacker with the ability to observe side-channel information (e.g., timing, power consumption) during the encryption operation could potentially recover the private key. No authentication or network position is required beyond being able to monitor the cryptographic operation. The lack of exponent blinding makes the mpi_powm operation leak sensitive data through side channels.
Impact
Successful exploitation could lead to disclosure of the private key used in ElGamal encryption, compromising the confidentiality of encrypted communications. The attacker gains the ability to decrypt messages encrypted with the affected key.
Mitigation
The fix is included in Libgcrypt versions 1.8.8 and 1.9.3, released on 2021-04-19 [4]. Users should upgrade to these versions or later. The commit [1] introduces exponent blinding to harden the implementation. No workaround is available; upgrading is required.
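Exponent blinding as a general technique, shown on textbook ElGamal in a toy group. This is an added example, not libgcrypt's code or the referenced commit; the group parameters, function names and the 64-bit blinding size are assumptions chosen for illustration.

```python
import secrets

# Toy group, constructed for illustration only (far too small for real keys).
P = 2**127 - 1   # a Mersenne prime
G = 3

def blind_exponent(e, modulus, blind_bits=64):
    """Return e + r*(modulus-1) for a fresh random nonzero r.

    For a prime modulus and a base coprime to it, Fermat's little theorem
    gives base^(modulus-1) == 1, so the result of the exponentiation is
    unchanged while the exponent bits it processes differ on every call.
    """
    r = secrets.randbits(blind_bits) | 1      # force r != 0
    return e + r * (modulus - 1)

def blinded_powm(base, e, modulus):
    # Python's pow() is not constant-time; this shows the arithmetic only.
    return pow(base, blind_exponent(e, modulus), modulus)

def keygen():
    x = secrets.randbelow(P - 3) + 2          # private key in [2, P-2]
    return x, pow(G, x, P)

def encrypt(y, m):
    if not 0 < m < P:
        raise ValueError("message must be in [1, P-1]")
    k = secrets.randbelow(P - 3) + 2          # fresh ephemeral exponent
    c1 = blinded_powm(G, k, P)
    c2 = (m * blinded_powm(y, k, P)) % P
    return c1, c2

def decrypt(x, c1, c2):
    if not (0 < c1 < P and 0 < c2 < P):
        raise ValueError("ciphertext out of range")
    s = blinded_powm(c1, x, P)                # shared secret, exponent blinded
    return (c2 * pow(s, -1, P)) % P

if __name__ == "__main__":
    x, y = keygen()
    print(decrypt(x, *encrypt(y, 42)))
```

Blinding changes only the exponent that the exponentiation routine sees; a production implementation still needs a constant-time modular exponentiation and an appropriately sized group.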
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Libgcrypt/Libgcrypt (source: description)
- osv-coords, 37 versions (no CPE for any entry):
  - pkg:rpm/almalinux/libgcrypt, range: < 1.8.5-6.el8
  - pkg:rpm/almalinux/libgcrypt-devel, range: < 1.8.5-6.el8
  - pkg:rpm/opensuse/libgcrypt&distro=openSUSE%20Leap%2015.2, range: < 1.8.2-lp152.17.3.1
  - pkg:rpm/opensuse/libgcrypt&distro=openSUSE%20Leap%2015.3, range: < 1.8.2-8.39.1
  - pkg:rpm/opensuse/libgcrypt&distro=openSUSE%20Tumbleweed, range: < 1.9.4-1.2
  - pkg:rpm/suse/libgcrypt&distro=HPE%20Helion%20OpenStack%208, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Enterprise%20Storage%206, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS, range: < 1.8.2-6.52.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS, range: < 1.8.2-6.52.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Micro%205.0, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3, range: < 1.5.0-0.26.6.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS, range: < 1.5.0-0.26.6.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS, range: < 1.8.2-6.52.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015, range: < 1.8.2-6.52.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Manager%20Proxy%204.0, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20Manager%20Server%204.0, range: < 1.8.2-8.39.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20OpenStack%20Cloud%208, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20OpenStack%20Cloud%209, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208, range: < 1.6.1-16.77.1
  - pkg:rpm/suse/libgcrypt&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209, range: < 1.6.1-16.77.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202210-13 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2021/06/msg00021.html (mitre, mailing-list)
- dev.gnupg.org/T5305 (mitre)
- dev.gnupg.org/T5328 (mitre)
- dev.gnupg.org/T5466 (mitre)
- dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61 (mitre)
- www.oracle.com/security-alerts/cpuapr2022.html (mitre)
- www.oracle.com/security-alerts/cpujan2022.html (mitre)
- www.oracle.com/security-alerts/cpujul2022.html (mitre)
- www.oracle.com/security-alerts/cpuoct2021.html (mitre)