CVE-2021-3345

Name of the Vulnerable Software and Affected Versions Libgcrypt version 1.9.0

Description The issue is related to a heap-based buffer overflow in the gcry md block write function in the Libgcrypt library. This occurs when the digest final function sets a large count value. The estimated number of potentially affected devices worldwide is not specified. There are reports of a working exploit, indicating that this issue has been exploited in real-world incidents.

Recommendations For Libgcrypt version 1.9.0, it is recommended to upgrade to version 1.9.1 or later to resolve the issue. As a temporary workaround, consider disabling the gcry md block write function until a patch is available. Restrict access to the cipher/hash-common.c module to minimize the risk of exploitation. Avoid using the digest final function with large count values in the affected API endpoints until the issue is resolved.