CVE-2021-3345

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
gnupglibgcrypt
1.9.0
oraclecommunications_billing_and_revenue_management
12.0.0.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgcrypt20
bullseye
1.8.7-6
fixed
bookworm
1.10.1-3
fixed
sid
1.11.0-6
fixed
trixie
1.11.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgcrypt11
groovy
dne
focal
dne
bionic
dne
xenial
dne
trusty
not-affected
libgcrypt20
groovy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://bugs.gentoo.org/show_bug.cgi?id=767814
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08
https://gnupg.org
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://bugs.gentoo.org/show_bug.cgi?id=767814
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08
https://gnupg.org
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://www.oracle.com//security-alerts/cpujul2021.html