Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Dec 2022, 01:20
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202210-13 - Third Party Advisory |
31 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 May 2022, 17:28
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:* |
|
First Time |
Oracle communications Cloud Native Core Network Slice Selection Function
Oracle communications Cloud Native Core Service Communication Proxy Oracle communications Cloud Native Core Binding Support Function |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2022, 15:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle communications Cloud Native Core Network Function Cloud Native Environment
|
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:* |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Dec 2021, 21:07
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:* |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Sep 2021, 19:47
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/ - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
06 Sep 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. | |
References |
|
01 Jul 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jun 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jun 2021, 15:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:* | |
CWE | CWE-203 | |
References | (MISC) https://dev.gnupg.org/T5305 - Release Notes, Vendor Advisory | |
References | (MISC) https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61 - Patch, Vendor Advisory | |
References | (MISC) https://dev.gnupg.org/T5466 - Release Notes, Vendor Advisory | |
References | (MISC) https://dev.gnupg.org/T5328 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
08 Jun 2021, 11:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-08 11:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-33560
Mitre link : CVE-2021-33560
CVE.ORG link : CVE-2021-33560
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_network_slice_selection_function
- communications_cloud_native_core_service_communication_proxy
- communications_cloud_native_core_network_function_cloud_native_environment
- communications_cloud_native_core_network_repository_function
gnupg
- libgcrypt
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-203
Observable Discrepancy