PT-2021-7065 · Libgcrypt+10 · Libgcrypt+10

Girlelecta

·

Published

2021-06-08

·

Updated

2025-12-03

·

CVE-2021-33560

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Libgcrypt versions 1.8.7 and earlier Libgcrypt versions 1.9.x before 1.9.3
Description The issue is related to the mishandling of ElGamal encryption due to the lack of exponent blinding, making it vulnerable to a side-channel attack against mpi powm. The window size is also not chosen appropriately. This affects the use of ElGamal in OpenPGP. The vulnerability is associated with the use of a weak cryptographic algorithm, which can allow a remote attacker to access confidential information.
Recommendations For Libgcrypt versions 1.8.7 and earlier, update to version 1.8.8 or later. For Libgcrypt versions 1.9.x before 1.9.3, update to version 1.9.3 or later. As a temporary workaround, consider disabling the use of ElGamal encryption until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Exploit

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-325

Related Identifiers

ALSA-2021:4409
ALSA-2021_4409
ALT-PU-2021-2043
ALT-PU-2025-7372
BDU:2022-03136
CESA-2021_4409
CVE-2021-33560
DLA-2691-1
MGASA-2021-0294
OESA-2021-1243
OPENSUSE-SU-2021:0919-1
OPENSUSE-SU-2021:2157-1
OPENSUSE-SU-2021_0919-1
OPENSUSE-SU-2021_2157-1
OPENSUSE-SU-2024:10941-1
RHSA-2021:4409
RHSA-2021_4409
RLSA-2021:4409
SUSE-SU-2021:14751-1
SUSE-SU-2021:2155-1
SUSE-SU-2021:2156-1
SUSE-SU-2021:2157-1
SUSE-SU-2021_14751-1
SUSE-SU-2021_2155-1
SUSE-SU-2021_2156-1
SUSE-SU-2021_2157-1
USN-5080-1
USN-5080-2

Affected Products

Alt Linux
Almalinux
Centos
Debian
Libgcrypt
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu