CVE-2021-3345 log
Source |
|
Severity | Critical |
Remote | No |
Type | Arbitrary code execution |
Description | _gcry_md_block_write in cipher/hash-common.c in libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs. The issue is fixed in version 1.9.1. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1505 | libgcrypt | 1.9.0-2 | 1.9.1-1 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
29 Jan 2021 | ASA-202101-45 | AVG-1505 | libgcrypt | Critical | arbitrary code execution |