Approved changes feed: RSS · Atom
cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Gnupg (cf567c2a-c134-5510-af9f-62e22a797e74) |
|---|---|
| Product | Libgcrypt (5ca46195-6599-5c5c-ab9c-5b3ac10f1932) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/libgcrypt20 |
purl2cpe | 2026-06-01 10:12:44.025591 |
pkg:deb/ubuntu/libgcrypt20 |
purl2cpe | 2026-06-01 10:12:44.025592 |
pkg:github/gpg/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.025594 |
pkg:gitlab/redhat/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.025595 |
pkg:gnu/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.025597 |
pkg:rpm/fedora/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.025598 |
pkg:rpm/opensuse/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.025599 |
pkg:rpm/opensuse/libgcrypt20 |
purl2cpe | 2026-06-01 10:12:44.025601 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-41990 |
vulnerable | 2026-06-08 08:03:15.831768 |
Details available
MEDIUM (4)
Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
Published: 2026-04-23T04:39:04.524Z
Updated: 2026-04-23T16:22:42.096Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-41989 |
vulnerable | 2026-06-08 08:03:15.831289 |
Details available
MEDIUM (6.7)
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
Published: 2026-04-23T04:30:26.124Z
Updated: 2026-04-23T16:22:47.896Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-40528 |
vulnerable | 2026-06-08 05:35:18.656501 |
Details available
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
Published: 2021-09-06T00:00:00.000Z
Updated: 2025-06-09T15:13:03.906Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-33560 |
vulnerable | 2026-06-08 05:32:11.798592 |
Details available
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Published: 2021-06-08T00:00:00.000Z
Updated: 2025-12-03T14:39:10.763Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-6829 |
vulnerable | 2026-06-08 05:11:54.216925 |
Details available
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Published: 2018-02-07T23:00:00.000Z
Updated: 2024-08-05T06:17:15.803Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0495 |
vulnerable | 2026-06-08 05:10:23.964293 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-9526 |
vulnerable | 2026-06-08 05:10:10.097627 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7526 |
vulnerable | 2026-06-08 05:09:56.440935 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-0379 |
vulnerable | 2026-06-08 05:08:26.061226 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-6313 |
vulnerable | 2026-06-08 05:07:59.450056 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-7511 |
vulnerable | 2026-06-08 05:07:01.210528 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-0837 |
vulnerable | 2026-06-08 05:06:24.005864 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-5270 |
vulnerable | 2026-06-08 05:05:47.399039 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-3591 |
vulnerable | 2026-06-08 05:05:33.640844 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-4242 |
vulnerable | 2026-06-08 05:04:34.842400 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.