CVE-2021-33560: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks...
CVSS Score: 7.5 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.66236%
CWE
Published: 5/24/2022
Updated: 1/30/2023
KEV Status: No
Technology: -
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description directly implicates 'mpi_powm' as the function susceptible to a side-channel attack due to the absence of exponent blinding. While the commit patch details could not be fetched to confirm the exact changes, the description provides a strong indication of the vulnerable function. The file path 'cipher/elgamal.c' is inferred as this is where ElGamal encryption logic, including modular exponentiation (powm), is typically implemented in cryptographic libraries like Libgcrypt.