rpm package

almalinux/libgcrypt

pkg:rpm/almalinux/libgcrypt

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-2236	Med	5.9	< 1.10.0-11.el9	1.10.0-11.el9	Mar 6, 2024	A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
CVE-2021-40528		—	< 1.8.5-7.el8_6	1.8.5-7.el8_6	Sep 6, 2021	The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, a
CVE-2021-33560		—	< 1.8.5-6.el8	1.8.5-6.el8	Jun 8, 2021	Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

CVE-2024-2236MedMar 6, 2024
affected < 1.10.0-11.el9fixed 1.10.0-11.el9
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
CVE-2021-40528Sep 6, 2021
affected < 1.8.5-7.el8_6fixed 1.8.5-7.el8_6
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, a
CVE-2021-33560Jun 8, 2021
affected < 1.8.5-6.el8fixed 1.8.5-6.el8
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.