CVE-2021-40529 log

Severity Medium
Remote Yes
Type Information disclosure
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Group Package Affected Fixed Severity Status Ticket
AVG-2362 botan 2.18.1-1 Medium Vulnerable