Skip to main content

Libgcrypt CVE-2016-6313

MEDIUM
Information Exposure (CWE-200)
2016-12-13 secalert@redhat.com
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 13, 2016 - 20:59 cve.org
MEDIUM 5.3

DescriptionCVE.org

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

AnalysisAI

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. Affected products include: Gnupg Libgcrypt, Debian Debian Linux, Canonical Ubuntu Linux, Gnupg. Version information: before 1.5.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2018-6829 HIGH POC
7.5 Feb 07

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, whic

CVE-2021-40528 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two c

CVE-2018-0495 MEDIUM POC
4.7 Jun 13

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be

CVE-2017-0379 HIGH
7.5 Aug 29

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers t

CVE-2021-3345 HIGH
7.8 Jan 29

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest

CVE-2021-33560 HIGH
7.5 Jun 08

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to addres

CVE-2026-41989 MEDIUM
6.7 Apr 23

Heap-based buffer overflow in Libgcrypt before 1.12.2 allows local attackers to trigger denial of service and corrupt me

CVE-2017-9526 MEDIUM
5.9 Jun 11

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signin

CVE-2019-12904 MEDIUM
5.9 Jun 20

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical

CVE-2014-5270 LOW
2.1 Oct 10

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciph

CVE-2015-7511 LOW
2.0 Apr 19

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it e

CVE-2013-4242 LOW
1.9 Aug 19

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users t

Share

CVE-2016-6313 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy