PT-2016-3287 · Gnu+5 · Libgcrypt+6

Felix Dörre

Publicado

2014-08-11

Atualizado

2024-06-15

CVE-2016-6313

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Libgcrypt versions prior to 1.5.6 Libgcrypt versions 1.6.x prior to 1.6.6 Libgcrypt versions 1.7.x prior to 1.7.3 GnuPG versions prior to 1.4.21

Description The issue is related to an error in the pseudorandom number generator of the Libgcrypt cryptography library, which leads to the generation of 160 bits of random number from the standard random number generator. This allows a remote attacker to predict the output. The mixing functions in the random number generator make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Recommendations For Libgcrypt versions prior to 1.5.6, update to version 1.5.6 or later. For Libgcrypt versions 1.6.x prior to 1.6.6, update to version 1.6.6 or later. For Libgcrypt versions 1.7.x prior to 1.7.3, update to version 1.7.3 or later. For GnuPG versions prior to 1.4.21, update to version 1.4.21 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2014-1992

ALT-PU-2016-1855

ALT-PU-2016-1864

BDU:2019-01635

CESA-2016_2674

CVE-2016-6313

DLA-600-1

DLA-602-1

DSA-3649-1

DSA-3650-1

MGASA-2016-0292

OPENSUSE-SU-2024:10037-1

RHSA-2016:2674

RHSA-2016_2674

SUSE-SU-2016:2345-1

SUSE-SU-2016:2346-1

SUSE-SU-2016_2345-1

SUSE-SU-2016_2346-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3064-1

USN-3065-1

Produtos afetados

Alt Linux

Centos

Gnupg

Libgcrypt

Red Hat

Suse

Ubuntu

PT-2016-3287 · Gnu+5 · Libgcrypt+6

CVE-2016-6313

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 74