CVE-2021-40528

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

CVSS v3 5.9 MEDIUM
CVSS v2.0 2.6 LOW

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://eprint.iacr.org/2021/923	Technical Description Third Party Advisory
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320
https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1	Third Party Advisory
https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2	Exploit Third Party Advisory
https://security.gentoo.org/glsa/202210-13	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-09-06 19:15

Updated : 2023-11-07 03:38

NVD link : CVE-2021-40528

Mitre link : CVE-2021-40528

CVE.ORG link : CVE-2021-40528

JSON object : View

Products Affected

gnupg

libgcrypt

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2021-40528", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2021-09-06T19:15:07.587", "references": [{"url": "https://eprint.iacr.org/2021/923", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320", "source": "cve@mitre.org"}, {"url": "https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202210-13", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP."}, {"lang": "es", "value": "Una implementaci\u00f3n de ElGamal en Libgcrypt versiones anteriores a 1.9.4, permite una recuperaci\u00f3n de texto plano porque, durante la interacci\u00f3n entre dos bibliotecas criptogr\u00e1ficas, una determinada combinaci\u00f3n peligrosa del primo definido por la clave p\u00fablica del receptor, el generador definido por la clave p\u00fablica del receptor y los exponentes ef\u00edmeros del emisor puede conllevar a un ataque de configuraci\u00f3n cruzada contra OpenPGP."}], "lastModified": "2023-11-07T03:38:36.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8F745E7-4B6F-404D-997D-0B27ED8DB2D6", "versionEndExcluding": "1.9.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}