{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T22:56:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"tags": ["x_refsource_MISC"], "url": "https://gnupg.org"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3345", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08", "refsource": "MISC", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08"}, {"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"name": "https://gnupg.org", "refsource": "MISC", "url": "https://gnupg.org"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=767814", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.504Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gnupg.org"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3345", "datePublished": "2021-01-29T14:20:31", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-08-03T16:53:17.504Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:libgcrypt:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C089126-C397-4D68-A2E5-AC0F4973AC1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later."}, {"lang": "es", "value": "La funci\u00f3n _gcry_md_block_write en el archivo cipher/hash-common.c en la versi\u00f3n 1.9.0 de Libgcrypt tiene un desbordamiento de b\u00fafer basado en la pila cuando la funci\u00f3n final del resumen establece un valor de recuento grande. Se recomienda actualizar a la versi\u00f3n 1.9.1 o posterior."}], "id": "CVE-2021-3345", "lastModified": "2024-11-21T06:21:20.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-29T15:15:13.083", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"source": "cve@mitre.org", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://gnupg.org"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://gnupg.org"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libgcrypt: Heap buffer overflow in the block buffer management code", "id": "1923210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923210"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-191->CWE-122->CWE-787", "details": ["_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.", "A flaw was found in libgcrypt. A heap-based buffer overflow in the block buffer management code may lead to memory corruption before any verification is made or signature is validated. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-3345", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-01-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3345\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3345\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"], "statement": "No Red Hat products are affected by this flaw, as the vulnerable version of libgcrypt (1.9.0) has not been shipped in any products.", "threat_severity": "Critical"}