- Snyk ID SNYK-DEBIAN11-LIBGCRYPT20-1297892
- published 29 May 2021
- disclosed 8 Jun 2021
How to fix?
There is no fixed version for
Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by
How to fix? for
Debian:11 relevant fixed versions and status.
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
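
Exponent blinding, the countermeasure the description says was missing, shown on a toy ElGamal as an added example (this is not libgcrypt's code and does not come from the advisory). The prime `P`, base `G`, the 64-bit blind size and all function names are assumptions chosen for illustration; the window-size issue is not covered.

```python
import secrets

# Constructed demo parameters (assumption): a 127-bit Mersenne prime and base 3.
# Far too small for real use; they only keep the arithmetic readable.
P = 2**127 - 1
G = 3

def keygen():
    """Return (private exponent x, public value y = G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2          # x in [2, P-2]
    return x, pow(G, x, P)

def encrypt(y, m):
    """Textbook ElGamal encryption of m (1 <= m < P) under public value y."""
    k = secrets.randbelow(P - 3) + 2          # fresh ephemeral exponent
    return pow(G, k, P), (m * pow(y, k, P)) % P

def decrypt_unblinded(x, c1, c2):
    """Unblinded form: every call exponentiates with the same secret x,
    so the modular exponentiation repeats the same secret-dependent work."""
    s = pow(c1, x, P)
    return (c2 * pow(s, -1, P)) % P

def blinded_exponent(x, blind_bits=64):
    """Return x + r*(P-1) for a fresh random nonzero r.
    By Fermat's little theorem c^(P-1) = 1 (mod P) for c not divisible by P,
    so the extra term changes the exponent's bits but not the result."""
    r = secrets.randbits(blind_bits) | 1      # force r != 0
    return x + r * (P - 1)

def decrypt_blinded(x, c1, c2):
    """Blinded form: the exponent fed to pow() differs on every call."""
    s = pow(c1, blinded_exponent(x), P)
    return (c2 * pow(s, -1, P)) % P

def demo():
    """Encrypt a constructed message and decrypt it both ways."""
    x, y = keygen()
    m = int.from_bytes(b"constructed msg", "big")   # constructed sample input
    c1, c2 = encrypt(y, m)
    return m, decrypt_unblinded(x, c1, c2), decrypt_blinded(x, c1, c2)

if __name__ == "__main__":
    m, plain, blinded = demo()
    print(m == plain == blinded)
```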