CVE-2021-40528

Publication date 6 September 2021

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Read the notes from the security team

Status

Package Ubuntu Release Status
libgcrypt20 24.10 oracular
Fixed 1.8.7-5ubuntu2
24.04 LTS noble
Fixed 1.8.7-5ubuntu2
23.10 mantic
Fixed 1.8.7-5ubuntu2
23.04 lunar
Fixed 1.8.7-5ubuntu2
22.10 kinetic
Fixed 1.8.7-5ubuntu2
22.04 LTS jammy
Fixed 1.8.7-5ubuntu2
21.10 impish
Fixed 1.8.7-5ubuntu2
21.04 hirsute
Fixed 1.8.7-2ubuntu2.1
20.04 LTS focal
Fixed 1.8.5-5ubuntu1.1
18.04 LTS bionic
Fixed 1.8.1-4ubuntu1.3
16.04 LTS xenial
14.04 LTS trusty Not in release

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes


mdeslaur

The commits below reference CVE-2021-33560, but they appear to actually be for this CVE, which was issued later. The original CVE was switched later on to the exponent blinding issue instead.

Severity score breakdown

Parameter Value
Base score 5.9 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N