CVE-2021-3345

Severity Critical
Remote No
Type Arbitrary code execution
Description
_gcry_md_block_write in cipher/hash-common.c in libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. Just decrypting some data can overflow a heap buffer with attacker-controlled data; no verification or signature is validated before the vulnerability occurs. The issue is fixed in version 1.9.1.
Group     Package    Affected  Fixed    Severity  Status  Ticket
AVG-1505  libgcrypt  1.9.0-2   1.9.1-1  Critical  Fixed
Date         Advisory       Group     Package    Severity  Type
29 Jan 2021  ASA-202101-45  AVG-1505  libgcrypt  Critical  arbitrary code execution
References
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://dev.gnupg.org/T5275
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=512c0c75276949f13b6373b5c04f7065af750b08