Arch Linux Security Advisory ASA-202101-45 ========================================== Severity: Critical Date : 2021-01-29 CVE-ID : CVE-2021-3345 Package : libgcrypt Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1505 Summary ======= The package libgcrypt before version 1.9.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.9.1-1. # pacman -Syu "libgcrypt>=1.9.1-1" The problem has been fixed upstream in version 1.9.1. Workaround ========== None. Description =========== _gcry_md_block_write in cipher/hash-common.c in libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs. The issue is fixed in version 1.9.1. Impact ====== An attacker is able to execute arbitrary code on the affected host before a given signature has been verified. References ========== https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html https://dev.gnupg.org/T5275 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=512c0c75276949f13b6373b5c04f7065af750b08 https://security.archlinux.org/CVE-2021-3345