DevGuard Logo

🛡️ DevGuard
Group
/🧩 DevGuard CI-Components
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Open
MEDIUM (4.4)
  • T

    Tim Bastin detected CVE-2021-33560 with a risk of 3.55

    main
  • T

    Tim Bastin fixed CVE-2021-33560

    main
  • T

    Tim Bastin detected CVE-2021-33560 with a risk of 3.55

    main
  • logo

    System updated the risk assessment to 1.77

    main

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment to 3.55

    main

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment to 1.77

    main

    System recalculated raw risk assessment

  • T

    Tim Bastin detected CVE-2021-33560 with a risk of 1.77

    0.9.0
  • logo

    System updated the risk assessment from 1.77 to 1.18

    main

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.77 to 1.18

    0.9.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.18 to 3.55

    main

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.18 to 3.55

    0.9.0

    System recalculated raw risk assessment

  • logo

    System

    main
  • logo

    System

    main
  • logo

    System fixed CVE-2021-33560

    main
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System detected CVE-2021-33560 with a risk of 3.55

    main
  • logo

    System

    main
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System

    main
  • logo

    System

    main
  • logo

    System fixed CVE-2021-33560

    main
  • logo

    System

    0.9.0
  • logo

    System

    0.9.0
  • logo

    System detected CVE-2021-33560 with a risk of 3.55

    main
  • T

    Tim Bastin detected CVE-2021-33560 with a risk of 3.55

    add-first-party-scan-to-gitlap-pipeline
  • T

    Tim Bastin detected CVE-2021-33560 with a risk of 3.55

    add-jobs-tags
  • T

    Tim Bastin detected CVE-2021-33560 with a risk of 3.55

    0.11.1
  • T

    Tim Bastin detected CVE-2021-33560 with a risk of 3.55

    feautre/sarif-sbom-upload-components
  • logo

    System updated the risk assessment from 1.77 to 3.55

    chore/adds-additional-env-flags

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.18 to 3.55

    examples

    System recalculated raw risk assessment

  • T

    Tim Bastin fixed CVE-2021-33560

    main
  • logo

    System updated the risk assessment from 3.55 to 1.77

    0.12.0

    System recalculated raw risk assessment

  • logo

    System

    add/artifact-name-input
  • logo

    System

    add/artifact-name-input
  • logo

    System

    add/artifact-name-input
  • logo

    System

    add/artifact-name-input
  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    revert-c7057e5e

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    0.11.1

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    examples

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.77 to 1.3

    add/artifact-name-input

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    feautre/sarif-sbom-upload-components

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.77 to 1.3

    0.12.0

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    main

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    add-jobs-tags

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    add-first-party-scan-to-gitlap-pipeline

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    fix-attest.yaml

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    0.9.0

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    chore/adds-additional-env-flags

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 3.55 to 2.6

    attest

    Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    main

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    revert-c7057e5e

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    add-first-party-scan-to-gitlap-pipeline

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    feautre/sarif-sbom-upload-components

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    attest

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    0.11.1

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    examples

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.3 to 2.12

    add/artifact-name-input

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    chore/adds-additional-env-flags

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    0.9.0

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    add-jobs-tags

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 2.6 to 4.25

    fix-attest.yaml

    Confidentiality Requirement updated: low -> high

  • S

    Sebastian Kawelke updated the risk assessment from 1.3 to 2.12

    0.12.0

    Confidentiality Requirement updated: low -> high

  • logo

    System updated the risk assessment from 2.12 to 2.2

    0.12.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    attest

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    revert-c7057e5e

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    0.11.1

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    main

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    fix-attest.yaml

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    0.9.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 2.12 to 2.2

    add/artifact-name-input

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    add-first-party-scan-to-gitlap-pipeline

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    chore/adds-additional-env-flags

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    examples

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    add-jobs-tags

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.25 to 4.4

    feautre/sarif-sbom-upload-components

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    0.11.1

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    revert-c7057e5e

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    main

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 2.2 to 2.21

    0.12.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    0.9.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    chore/adds-additional-env-flags

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    add-first-party-scan-to-gitlap-pipeline

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 2.2 to 2.21

    add/artifact-name-input

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    add-jobs-tags

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    examples

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    attest

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    fix-attest.yaml

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 4.4 to 4.42

    feautre/sarif-sbom-upload-components

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 2.21 to 4.42

    add/artifact-name-input

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 2.21 to 4.42

    0.12.0

    System recalculated raw risk assessment

  • logo

    System fixed CVE-2021-33560

    add/artifact-name-input
  • logo

    System fixed CVE-2021-33560

    attest
  • logo

    System fixed CVE-2021-33560

    0.11.1
  • logo

    System fixed CVE-2021-33560

    examples
  • logo

    System fixed CVE-2021-33560

    0.9.0
  • logo

    System fixed CVE-2021-33560

    chore/adds-additional-env-flags
  • logo

    System fixed CVE-2021-33560

    revert-c7057e5e
  • logo

    System fixed CVE-2021-33560

    0.12.0
  • logo

    System fixed CVE-2021-33560

    add-jobs-tags
  • logo

    System fixed CVE-2021-33560

    fix-attest.yaml
  • logo

    System fixed CVE-2021-33560

    feautre/sarif-sbom-upload-components
  • logo

    System fixed CVE-2021-33560

    add-first-party-scan-to-gitlap-pipeline
  • logo

    System fixed CVE-2021-33560

    main
  • logo

    System detected CVE-2021-33560 with a risk of 2.21

    add/artifact-name-input
  • logo

    System updated the risk assessment from 2.21 to 4.42

    add-first-party-scan-to-gitlap-pipeline

    System recalculated raw risk assessment

Add a comment

Mark as False Positive
Last calculated at:

Affected component

debian/libgcrypt20

Installed version:
1.10.1
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5