[Bug 1190244] New: VUL-0: CVE-2021-40529: Botan: ElGamal implementation allows plaintext recovery
http://bugzilla.opensuse.org/show_bug.cgi?id=1190244 Bug ID: 1190244 Summary: VUL-0: CVE-2021-40529: Botan: ElGamal implementation allows plaintext recovery Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/309148/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: jsikes@suse.com Reporter: rfrohl@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2021-40529 The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40529 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529 https://github.com/randombit/botan/pull/2790 https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity... https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity... https://eprint.iacr.org/2021/923 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1190244
http://bugzilla.opensuse.org/show_bug.cgi?id=1190244#c1
Andreas Stieger
participants (1)
-
bugzilla_noreply@suse.com