CVE Vulnerabilities

CVE-2021-33560

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

CVE-2021-33560 libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm

Ubuntu

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.

Affected Software List

NameVendorVersion
Libgcrypt20Ubuntu/trustyout of standard support
Libgcrypt20Ubuntu/upstream1.8.7-6
Libgcrypt20Ubuntu/xenialout of standard support
Libgcrypt20Ubuntu/devel
Libgcrypt20Ubuntu/esm-infra/xenialTBD
Libgcrypt20Ubuntu/hirsute
Libgcrypt20Ubuntu/bionic
Libgcrypt20Ubuntu/focal
Libgcrypt20Ubuntu/groovyreached end-of-life