Approved changes feed: RSS · Atom

cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorGnupg (cf567c2a-c134-5510-af9f-62e22a797e74)
ProductLibgcrypt (5ca46195-6599-5c5c-ab9c-5b3ac10f1932)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/libgcrypt20 purl2cpe 2026-06-01 10:12:44.025591
pkg:deb/ubuntu/libgcrypt20 purl2cpe 2026-06-01 10:12:44.025592
pkg:github/gpg/libgcrypt purl2cpe 2026-06-01 10:12:44.025594
pkg:gitlab/redhat/libgcrypt purl2cpe 2026-06-01 10:12:44.025595
pkg:gnu/libgcrypt purl2cpe 2026-06-01 10:12:44.025597
pkg:rpm/fedora/libgcrypt purl2cpe 2026-06-01 10:12:44.025598
pkg:rpm/opensuse/libgcrypt purl2cpe 2026-06-01 10:12:44.025599
pkg:rpm/opensuse/libgcrypt20 purl2cpe 2026-06-01 10:12:44.025601

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-41990 vulnerable 2026-06-08 08:03:15.831768 Details available
MEDIUM (4)
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
Published: 2026-04-23T04:39:04.524Z
Updated: 2026-04-23T16:22:42.096Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-41989 vulnerable 2026-06-08 08:03:15.831289 Details available
MEDIUM (6.7)
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
Published: 2026-04-23T04:30:26.124Z
Updated: 2026-04-23T16:22:47.896Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-40528 vulnerable 2026-06-08 05:35:18.656501 Details available
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Published: 2021-09-06T00:00:00.000Z
Updated: 2025-06-09T15:13:03.906Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-33560 vulnerable 2026-06-08 05:32:11.798592 Details available
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Published: 2021-06-08T00:00:00.000Z
Updated: 2025-12-03T14:39:10.763Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-6829 vulnerable 2026-06-08 05:11:54.216925 Details available
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Published: 2018-02-07T23:00:00.000Z
Updated: 2024-08-05T06:17:15.803Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-0495 vulnerable 2026-06-08 05:10:23.964293 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-9526 vulnerable 2026-06-08 05:10:10.097627 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-7526 vulnerable 2026-06-08 05:09:56.440935 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-0379 vulnerable 2026-06-08 05:08:26.061226 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6313 vulnerable 2026-06-08 05:07:59.450056 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-7511 vulnerable 2026-06-08 05:07:01.210528 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-0837 vulnerable 2026-06-08 05:06:24.005864 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-5270 vulnerable 2026-06-08 05:05:47.399039 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3591 vulnerable 2026-06-08 05:05:33.640844 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4242 vulnerable 2026-06-08 05:04:34.842400 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.