DevGuard Logo

🛡️ DevGuard
Group
/🧩 DevGuard Action
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Open
MEDIUM (4.4)
  • logo

    System detected CVE-2021-33560 with a risk of 4.4

    main
  • logo

    System created a ticket for CVE-2021-33560

    main

    Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/130

  • S

    Sebastian Kawelke updated the risk assessment from 4.4 to 2.6

    attesting

    Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.2 to 1.3

    0.12.0

    Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    attesting

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.3 to 2.12

    0.12.0

    Confidentiality Requirement updated: low -> high

  • logo

    System updated the risk assessment from 2.12 to 2.2

    0.12.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    attesting

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 2.2 to 2.21

    0.12.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    attesting

    System recalculated raw risk assessment

  • logo

    System fixed CVE-2021-33560

    0.12.0
  • logo

    System fixed CVE-2021-33560

    attesting
  • logo

    System detected CVE-2021-33560 with a risk of 2.21

    0.12.0
  • logo

    System updated the risk assessment from 2.21 to 4.42

    attesting

    System recalculated raw risk assessment

Add a comment

Mark as False Positive
Last calculated at:

Affected component

debian/libgcrypt20

Installed version:
1.10.1
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5