CVE-2021-33560
First published: Tue Jun 08 2021(Updated: )
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GnuPG Libgcrypt | <1.8.8 | |
| GnuPG Libgcrypt | >=1.9.0<1.9.3 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Oracle Communications Cloud Native Core Binding Support Function | =1.11.0 | |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.9.0 | |
| Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.14.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.1 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =1.8.0 | |
| Oracle Communications Cloud Native Core Service Communication Proxy | =1.15.0 | |
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://dev.gnupg.org/T5305
- https://dev.gnupg.org/T5328
- https://dev.gnupg.org/T5466
- https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61
- https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/
- https://security.gentoo.org/glsa/202210-13
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/203266
- https://www.ibm.com/support/pages/node/6574787 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-33560.
What is the severity of CVE-2021-33560?
The severity of CVE-2021-33560 is medium with a score of 5.9.
Which software is affected by CVE-2021-33560?
The IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10 are affected by CVE-2021-33560.
How can I fix CVE-2021-33560?
You can fix CVE-2021-33560 by applying the appropriate patches provided by IBM for the affected IBM QRadar SIEM versions.
Where can I find more information about CVE-2021-33560?
You can find more information about CVE-2021-33560 on IBM's X-Force Exchange and IBM's support website.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 ga
- version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
- version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10
- vendor/gnupg
- canonical/gnupg libgcrypt
- version/gnupg libgcrypt/1.9.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/1.11.0
- canonical/oracle communications cloud native core network function cloud native environment
- version/oracle communications cloud native core network function cloud native environment/1.9.0
- version/oracle communications cloud native core network function cloud native environment/1.10.0
- canonical/oracle communications cloud native core network repository function
- version/oracle communications cloud native core network repository function/1.14.0
- version/oracle communications cloud native core network repository function/1.15.0
- version/oracle communications cloud native core network repository function/1.15.1
- canonical/oracle communications cloud native core network slice selection function
- version/oracle communications cloud native core network slice selection function/1.8.0
- canonical/oracle communications cloud native core service communication proxy
- version/oracle communications cloud native core service communication proxy/1.15.0