CVE-2021-33560: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks...

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.66236%
Published: 5/24/2022
Updated: 1/30/2023
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability description directly implicates 'mpi_powm' as the function susceptible to a side-channel attack due to the absence of exponent blinding. While the commit patch details could not be fetched to confirm the exact changes, the description provides a strong indication of the vulnerable function. The file path 'cipher/elgamal.c' is inferred as this is where ElGamal encryption logic, including modular exponentiation (powm), is typically implemented in cryptographic libraries like Libgcrypt.
