CVE-2021-33560
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
- T
Tim Bastin detected CVE-2021-33560 with a risk of 3.55
- T
Tim Bastin fixed CVE-2021-33560
- T
Tim Bastin detected CVE-2021-33560 with a risk of 3.55
System fixed CVE-2021-33560
System detected CVE-2021-33560 with a risk of 3.55
System fixed CVE-2021-33560
System detected CVE-2021-33560 with a risk of 3.55
System detected CVE-2021-33560 on another ref: main
System updated the risk assessment from 3.55 to 1.77
System recalculated raw risk assessment
- T
Tim Bastin fixed CVE-2021-33560
System updated the risk assessment from 1.77 to 3.55
System recalculated raw risk assessment
- S
Sebastian Kawelke updated the risk assessment from 3.55 to 2.6
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
- S
Sebastian Kawelke updated the risk assessment from 2.6 to 4.25
Confidentiality Requirement updated: low -> high
System updated the risk assessment from 4.25 to 4.4
System recalculated raw risk assessment
Reopen this vulnerability
Affected component
debian/libgcrypt20