CVE-2016-6313

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
gnupglibgcrypt
𝑥
≤ 1.5.3
gnupglibgcrypt
1.6.0
gnupglibgcrypt
1.6.1
gnupglibgcrypt
1.6.2
gnupglibgcrypt
1.6.3
gnupglibgcrypt
1.6.4
gnupglibgcrypt
1.6.5
gnupglibgcrypt
1.7.0
gnupglibgcrypt
1.7.1
gnupglibgcrypt
1.7.2
debiandebian_linux
8.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
gnupggnupg
𝑥
≤ 1.4.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnupg1
bookworm
1.4.23-1.1
fixed
bullseye
1.4.23-1.1
fixed
sid
1.4.23-2
fixed
trixie
1.4.23-2
fixed
gnupg2
bookworm
2.2.40-1.1
fixed
bullseye
2.2.27-2+deb11u2
fixed
bullseye (security)
2.2.27-2+deb11u2
fixed
sid
2.2.45-2
fixed
trixie
2.2.44-1
fixed
libgcrypt20
bookworm
1.10.1-3
fixed
bullseye
1.8.7-6
fixed
sid
1.11.0-6
fixed
trixie
1.11.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnupg
artful
dne
bionic
dne
cosmic
dne
disco
dne
precise
Fixed 1.4.11-3ubuntu2.10
released
trusty
Fixed 1.4.16-1ubuntu2.4
released
xenial
Fixed 1.4.20-1ubuntu3.1
released
yakkety
dne
zesty
dne
gnupg2
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
not-affected
trusty
dne
xenial
not-affected
yakkety
not-affected
zesty
not-affected
libgcrypt11
artful
dne
bionic
dne
cosmic
dne
disco
dne
precise
Fixed 1.5.0-3ubuntu0.6
released
trusty
Fixed 1.5.3-2ubuntu4.4
released
xenial
dne
yakkety
dne
zesty
dne
libgcrypt20
artful
Fixed 1.7.2-2ubuntu1
released
bionic
Fixed 1.7.2-2ubuntu1
released
cosmic
Fixed 1.7.2-2ubuntu1
released
disco
Fixed 1.7.2-2ubuntu1
released
precise
dne
trusty
dne
xenial
Fixed 1.6.5-2ubuntu0.2
released
yakkety
Fixed 1.7.2-2ubuntu1
released
zesty
Fixed 1.7.2-2ubuntu1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libgcrypt-devel
suse enterprise desktop 15
1.8.2-4.5
fixed
suse enterprise desktop 15 SP1
1.8.2-6.7
fixed
suse enterprise desktop 15 SP2
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP3
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise desktop 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise desktop 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise sap 15
1.8.2-4.5
fixed
suse enterprise sap 15 SP1
1.8.2-6.7
fixed
suse enterprise sap 15 SP2
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP3
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise sap 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise server 15
1.8.2-4.5
fixed
suse enterprise server 15 SP1
1.8.2-6.7
fixed
suse enterprise server 15 SP2
1.8.2-8.36.1
fixed
suse enterprise server 15 SP3
1.8.2-8.36.1
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise server 15 SP7
1.11.0-150700.3.5
fixed
libgcrypt20
suse enterprise desktop 15
1.8.2-4.5
fixed
suse enterprise desktop 15 SP1
1.8.2-6.7
fixed
suse enterprise desktop 15 SP2
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP3
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise desktop 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise desktop 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise sap 12 SP1
1.6.1-16.33.1
fixed
suse enterprise sap 12 SP5
1.6.1-16.68.1
fixed
suse enterprise sap 15
1.8.2-4.5
fixed
suse enterprise sap 15 SP1
1.8.2-6.7
fixed
suse enterprise sap 15 SP2
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP3
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise sap 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise server 12 SP1
1.6.1-16.33.1
fixed
suse enterprise server 12 SP5
1.6.1-16.68.1
fixed
suse enterprise server 15
1.8.2-4.5
fixed
suse enterprise server 15 SP1
1.8.2-6.7
fixed
suse enterprise server 15 SP2
1.8.2-8.36.1
fixed
suse enterprise server 15 SP3
1.8.2-8.36.1
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise server 15 SP7
1.11.0-150700.3.5
fixed
libgcrypt20-32bit
suse enterprise desktop 15
1.8.2-4.5
fixed
suse enterprise desktop 15 SP1
1.8.2-6.7
fixed
suse enterprise desktop 15 SP2
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP3
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise desktop 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise desktop 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise sap 12 SP1
1.6.1-16.33.1
fixed
suse enterprise sap 12 SP5
1.6.1-16.68.1
fixed
suse enterprise sap 15
1.8.2-4.5
fixed
suse enterprise sap 15 SP1
1.8.2-6.7
fixed
suse enterprise sap 15 SP2
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP3
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise sap 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise server 12 SP1
1.6.1-16.33.1
fixed
suse enterprise server 12 SP5
1.6.1-16.68.1
fixed
suse enterprise server 15
1.8.2-4.5
fixed
suse enterprise server 15 SP1
1.8.2-6.7
fixed
suse enterprise server 15 SP2
1.8.2-8.36.1
fixed
suse enterprise server 15 SP3
1.8.2-8.36.1
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise server 15 SP7
1.11.0-150700.3.5
fixed
libgcrypt20-hmac
suse enterprise desktop 15
1.8.2-4.5
fixed
suse enterprise desktop 15 SP1
1.8.2-6.7
fixed
suse enterprise desktop 15 SP2
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP3
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 12 SP1
1.6.1-16.33.1
fixed
suse enterprise sap 12 SP5
1.6.1-16.68.1
fixed
suse enterprise sap 15
1.8.2-4.5
fixed
suse enterprise sap 15 SP1
1.8.2-6.7
fixed
suse enterprise sap 15 SP2
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP3
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 12 SP1
1.6.1-16.33.1
fixed
suse enterprise server 12 SP5
1.6.1-16.68.1
fixed
suse enterprise server 15
1.8.2-4.5
fixed
suse enterprise server 15 SP1
1.8.2-6.7
fixed
suse enterprise server 15 SP2
1.8.2-8.36.1
fixed
suse enterprise server 15 SP3
1.8.2-8.36.1
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
libgcrypt20-hmac-32bit
suse enterprise desktop 15
1.8.2-4.5
fixed
suse enterprise desktop 15 SP1
1.8.2-6.7
fixed
suse enterprise desktop 15 SP2
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP3
1.8.2-8.36.1
fixed
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 12 SP1
1.6.1-16.33.1
fixed
suse enterprise sap 12 SP5
1.6.1-16.68.1
fixed
suse enterprise sap 15
1.8.2-4.5
fixed
suse enterprise sap 15 SP1
1.8.2-6.7
fixed
suse enterprise sap 15 SP2
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP3
1.8.2-8.36.1
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 12 SP1
1.6.1-16.33.1
fixed
suse enterprise server 12 SP5
1.6.1-16.68.1
fixed
suse enterprise server 15
1.8.2-4.5
fixed
suse enterprise server 15 SP1
1.8.2-6.7
fixed
suse enterprise server 15 SP2
1.8.2-8.36.1
fixed
suse enterprise server 15 SP3
1.8.2-8.36.1
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libgcrypt
RHEL 6
0:1.4.5-12.el6_8
fixed
RHEL 7
0:1.5.3-13.el7_3.1
fixed
libgcrypt-devel
RHEL 6
0:1.4.5-12.el6_8
fixed
RHEL 7
0:1.5.3-13.el7_3.1
fixed
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2674.html
http://www.debian.org/security/2016/dsa-3649
http://www.debian.org/security/2016/dsa-3650
http://www.securityfocus.com/bid/92527
http://www.securitytracker.com/id/1036635
http://www.ubuntu.com/usn/USN-3064-1
http://www.ubuntu.com/usn/USN-3065-1
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://security.gentoo.org/glsa/201610-04
https://security.gentoo.org/glsa/201612-01
http://rhn.redhat.com/errata/RHSA-2016-2674.html
http://www.debian.org/security/2016/dsa-3649
http://www.debian.org/security/2016/dsa-3650
http://www.securityfocus.com/bid/92527
http://www.securitytracker.com/id/1036635
http://www.ubuntu.com/usn/USN-3064-1
http://www.ubuntu.com/usn/USN-3065-1
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://security.gentoo.org/glsa/201610-04
https://security.gentoo.org/glsa/201612-01