CVE-2016-6313

EUVD-2016-7242
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
gnupglibgcrypt
𝑥
≤ 1.5.3
gnupglibgcrypt
1.6.0
gnupglibgcrypt
1.6.1
gnupglibgcrypt
1.6.2
gnupglibgcrypt
1.6.3
gnupglibgcrypt
1.6.4
gnupglibgcrypt
1.6.5
gnupglibgcrypt
1.7.0
gnupglibgcrypt
1.7.1
gnupglibgcrypt
1.7.2
debiandebian_linux
8.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
gnupggnupg
𝑥
≤ 1.4.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnupg1
bookworm
1.4.23-1.1
fixed
bullseye
1.4.23-1.1
fixed
sid
1.4.23-2
fixed
trixie
1.4.23-2
fixed
gnupg2
bookworm
2.2.40-1.1
fixed
bullseye
2.2.27-2+deb11u2
fixed
bullseye (security)
2.2.27-2+deb11u2
fixed
sid
2.2.45-2
fixed
trixie
2.2.44-1
fixed
libgcrypt20
bookworm
1.10.1-3
fixed
bullseye
1.8.7-6
fixed
sid
1.11.0-6
fixed
trixie
1.11.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnupg
artful
dne
bionic
dne
cosmic
dne
disco
dne
precise
Fixed 1.4.11-3ubuntu2.10
released
trusty
Fixed 1.4.16-1ubuntu2.4
released
xenial
Fixed 1.4.20-1ubuntu3.1
released
yakkety
dne
zesty
dne
gnupg2
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
not-affected
trusty
dne
xenial
not-affected
yakkety
not-affected
zesty
not-affected
libgcrypt11
artful
dne
bionic
dne
cosmic
dne
disco
dne
precise
Fixed 1.5.0-3ubuntu0.6
released
trusty
Fixed 1.5.3-2ubuntu4.4
released
xenial
dne
yakkety
dne
zesty
dne
libgcrypt20
artful
Fixed 1.7.2-2ubuntu1
released
bionic
Fixed 1.7.2-2ubuntu1
released
cosmic
Fixed 1.7.2-2ubuntu1
released
disco
Fixed 1.7.2-2ubuntu1
released
precise
dne
trusty
dne
xenial
Fixed 1.6.5-2ubuntu0.2
released
yakkety
Fixed 1.7.2-2ubuntu1
released
zesty
Fixed 1.7.2-2ubuntu1
released
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2674.html
http://www.debian.org/security/2016/dsa-3649
http://www.debian.org/security/2016/dsa-3650
http://www.securityfocus.com/bid/92527
http://www.securitytracker.com/id/1036635
http://www.ubuntu.com/usn/USN-3064-1
http://www.ubuntu.com/usn/USN-3065-1
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://security.gentoo.org/glsa/201610-04
https://security.gentoo.org/glsa/201612-01
http://rhn.redhat.com/errata/RHSA-2016-2674.html
http://www.debian.org/security/2016/dsa-3649
http://www.debian.org/security/2016/dsa-3650
http://www.securityfocus.com/bid/92527
http://www.securitytracker.com/id/1036635
http://www.ubuntu.com/usn/USN-3064-1
http://www.ubuntu.com/usn/USN-3065-1
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://security.gentoo.org/glsa/201610-04
https://security.gentoo.org/glsa/201612-01