CVE-2021-40528

low-risk

Published 2021-09-06

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Libgcrypt

Affected Vendors

Gnupg

References (10)

Technical Description https://eprint.iacr.org/2021/923

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f...

Third Party Advisory https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elg...

Exploit https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elg...

Third Party Advisory https://security.gentoo.org/glsa/202210-13

Technical Description https://eprint.iacr.org/2021/923

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f...

Third Party Advisory https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elg...

Exploit https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elg...

Third Party Advisory https://security.gentoo.org/glsa/202210-13

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal