CVE-2016-6313

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
gnupglibgcrypt
𝑥
≤ 1.5.3
gnupglibgcrypt
1.6.0
gnupglibgcrypt
1.6.1
gnupglibgcrypt
1.6.2
gnupglibgcrypt
1.6.3
gnupglibgcrypt
1.6.4
gnupglibgcrypt
1.6.5
gnupglibgcrypt
1.7.0
gnupglibgcrypt
1.7.1
gnupglibgcrypt
1.7.2
debiandebian_linux
8.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
gnupggnupg
𝑥
≤ 1.4.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnupg1
bookworm
1.4.23-1.1
fixed
bullseye
1.4.23-1.1
fixed
sid
1.4.23-2
fixed
trixie
1.4.23-2
fixed
gnupg2
bullseye (security)
2.2.27-2+deb11u2
fixed
bullseye
2.2.27-2+deb11u2
fixed
bookworm
2.2.40-1.1
fixed
trixie
2.2.44-1
fixed
sid
2.2.45-2
fixed
libgcrypt20
bullseye
1.8.7-6
fixed
bookworm
1.10.1-3
fixed
sid
1.11.0-6
fixed
trixie
1.11.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnupg
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
Fixed 1.4.20-1ubuntu3.1
released
trusty
Fixed 1.4.16-1ubuntu2.4
released
precise
Fixed 1.4.11-3ubuntu2.10
released
gnupg2
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
trusty
dne
precise
not-affected
libgcrypt11
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 1.5.3-2ubuntu4.4
released
precise
Fixed 1.5.0-3ubuntu0.6
released
libgcrypt20
disco
Fixed 1.7.2-2ubuntu1
released
cosmic
Fixed 1.7.2-2ubuntu1
released
bionic
Fixed 1.7.2-2ubuntu1
released
artful
Fixed 1.7.2-2ubuntu1
released
zesty
Fixed 1.7.2-2ubuntu1
released
yakkety
Fixed 1.7.2-2ubuntu1
released
xenial
Fixed 1.6.5-2ubuntu0.2
released
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2674.html
http://www.debian.org/security/2016/dsa-3649
http://www.debian.org/security/2016/dsa-3650
http://www.securityfocus.com/bid/92527
http://www.securitytracker.com/id/1036635
http://www.ubuntu.com/usn/USN-3064-1
http://www.ubuntu.com/usn/USN-3065-1
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://security.gentoo.org/glsa/201610-04
https://security.gentoo.org/glsa/201612-01
http://rhn.redhat.com/errata/RHSA-2016-2674.html
http://www.debian.org/security/2016/dsa-3649
http://www.debian.org/security/2016/dsa-3650
http://www.securityfocus.com/bid/92527
http://www.securitytracker.com/id/1036635
http://www.ubuntu.com/usn/USN-3064-1
http://www.ubuntu.com/usn/USN-3065-1
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://security.gentoo.org/glsa/201610-04
https://security.gentoo.org/glsa/201612-01