Vulnerability Name: | CVE-2021-40530 (CCN-208746) | ||||||||||||||||||||||||
Assigned: | 2021-07-07 | ||||||||||||||||||||||||
Published: | 2021-07-07 | ||||||||||||||||||||||||
Updated: | 2021-10-18 | ||||||||||||||||||||||||
Summary: | The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | ||||||||||||||||||||||||
CVSS v3 Severity: | 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:R)
| ||||||||||||||||||||||||
CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||||||
Vulnerability Type: | CWE-327 | ||||||||||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-40530 Source: CCN Type: Crypto++ Web site Crypto++ Source: CCN Type: ePrint Web site Cryptology ePrint Archive: Report 2021/923 Source: MISC Type: Technical Description, Third Party Advisory https://eprint.iacr.org/2021/923 Source: XF Type: UNKNOWN crypto-cve202140530-sec-bypass(208746) Source: MISC Type: Third Party Advisory https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 Source: MISC Type: Exploit, Third Party Advisory https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-a381a721a9 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-8b14da0538 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-6788250ea4 | ||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
BACK |