CVE-2021-3345

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
gnupglibgcrypt
1.9.0
oraclecommunications_billing_and_revenue_management
12.0.0.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgcrypt20
bookworm
1.10.1-3
fixed
bullseye
1.8.7-6
fixed
sid
1.11.0-6
fixed
trixie
1.11.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgcrypt11
bionic
dne
focal
dne
groovy
dne
trusty
not-affected
xenial
dne
libgcrypt20
bionic
not-affected
focal
not-affected
groovy
not-affected
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libgcrypt-devel
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise desktop 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise desktop 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise sap 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise server 15 SP7
1.11.0-150700.3.5
fixed
libgcrypt20
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise desktop 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise desktop 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise sap 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise server 15 SP7
1.11.0-150700.3.5
fixed
libgcrypt20-32bit
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise desktop 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise desktop 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise sap 15 SP7
1.11.0-150700.3.5
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP6
1.10.3-150600.1.23
fixed
suse enterprise server 15 SP7
1.11.0-150700.3.5
fixed
libgcrypt20-hmac
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
libgcrypt20-hmac-32bit
suse enterprise desktop 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise desktop 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise sap 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise sap 15 SP5
1.9.4-150500.10.19
fixed
suse enterprise server 15 SP4
1.9.4-150400.4.6
fixed
suse enterprise server 15 SP5
1.9.4-150500.10.19
fixed
Common Weakness Enumeration
References
https://bugs.gentoo.org/show_bug.cgi?id=767814
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08
https://gnupg.org
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://bugs.gentoo.org/show_bug.cgi?id=767814
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08
https://gnupg.org
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
https://www.oracle.com//security-alerts/cpujul2021.html