PT-2016-3287 · Gnu+5 · Libgcrypt+6

Felix Dörre

Published

2014-08-11

Updated

2024-06-15

CVE-2016-6313

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Libgcrypt versions prior to 1.5.6 Libgcrypt versions 1.6.x prior to 1.6.6 Libgcrypt versions 1.7.x prior to 1.7.3 GnuPG versions prior to 1.4.21

Description The issue is related to an error in the pseudorandom number generator of the Libgcrypt cryptography library, which leads to the generation of 160 bits of random number from the standard random number generator. This allows a remote attacker to predict the output. The mixing functions in the random number generator make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Recommendations For Libgcrypt versions prior to 1.5.6, update to version 1.5.6 or later. For Libgcrypt versions 1.6.x prior to 1.6.6, update to version 1.6.6 or later. For Libgcrypt versions 1.7.x prior to 1.7.3, update to version 1.7.3 or later. For GnuPG versions prior to 1.4.21, update to version 1.4.21 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2014-1992

ALT-PU-2016-1855

ALT-PU-2016-1864

BDU:2019-01635

CESA-2016_2674

CVE-2016-6313

DLA-600-1

DLA-602-1

DSA-3649-1

DSA-3650-1

MGASA-2016-0292

OPENSUSE-SU-2024:10037-1

RHSA-2016:2674

RHSA-2016_2674

SUSE-SU-2016:2345-1

SUSE-SU-2016:2346-1

SUSE-SU-2016_2345-1

SUSE-SU-2016_2346-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3064-1

USN-3065-1

Affected Products

Alt Linux

Centos

Gnupg

Libgcrypt

Red Hat

Suse

Ubuntu

PT-2016-3287 · Gnu+5 · Libgcrypt+6

CVE-2016-6313

Weakness Enumeration

Related Identifiers

Affected Products

References · 74