Description: General purpose cryptographic library based on the code from GnuPG
Version: 1.10.3-1 [core]


| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2011 | 1.9.2-1 | 1.9.3-1 | Medium | Fixed | |
| AVG-1505 | 1.9.0-2 | 1.9.1-1 | Critical | Fixed | |
| AVG-1044 | 1.8.4-1 | 1.8.5-1 | High | Fixed | |
| AVG-719 | 1.8.2-1 | 1.8.3-1 | High | Fixed | |
| AVG-402 | 1.8.0-1 | 1.8.1-1 | Medium | Fixed | |
| AVG-338 | 1.7.7-1 | 1.7.8-1 | High | Fixed | |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-33560 | AVG-2011 | Medium | Yes | Private key recovery | Libgcrypt before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window... |
| CVE-2021-3345 | AVG-1505 | Critical | No | Arbitrary code execution | _gcry_md_block_write in cipher/hash-common.c in libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count... |
| CVE-2019-13627 | AVG-1044 | High | Yes | Private key recovery | A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long-term private key. |
| CVE-2018-0495 | AVG-719 | High | No | Private key recovery | An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private... |
| CVE-2017-7526 | AVG-338 | High | No | Private key recovery | The pattern of squarings and multiplications in left-to-right sliding windows in libgcrypt <= 1.7.7 leaks significant information about exponent bits,... |
| CVE-2017-0379 | AVG-402 | Medium | No | Private key recovery | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to... |


| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 29 Jan 2021 | ASA-202101-45 | AVG-1505 | Critical | arbitrary code execution |
| 16 Jun 2018 | ASA-201806-10 | AVG-719 | High | private key recovery |
| 18 Sep 2017 | ASA-201709-13 | AVG-402 | Medium | private key recovery |
| 03 Jul 2017 | ASA-201707-1 | AVG-338 | High | private key recovery |