CLSA-2023-1698945053

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2023-1698945053.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2023-1698945053
Upstream
  • CVE-2013-4576
Published
2023-11-02T17:10:57Z
Modified
2026-06-01T00:33:17.284256741Z
Summary
libgcrypt: Fix of 4 CVEs
Details
  • CVE-2013-4576: Normalize the MPIs to prevent possible side-channel attacks
  • CVE-2014-3591: Use ciphertext blinding for Elgamal to prevent possible side-channel attacks
  • CVE-2021-33560: Use of smaller K for ephemeral key in ElGamal prevent generation of weak keys
  • CVE-2021-40528: Add exponent blinding as well to mitigate side-channel attack on mpi_powm
  • tests: Add a benchmark for Elgamal
References

Affected packages

TuxCare:CentOS:7 / libgcrypt

Package

Name
libgcrypt
Purl
pkg:rpm/tuxcare/libgcrypt?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.3-14.el7.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2023-1698945053.json"

TuxCare:CentOS:7 / libgcrypt-devel

Package

Name
libgcrypt-devel
Purl
pkg:rpm/tuxcare/libgcrypt-devel?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.3-14.el7.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2023-1698945053.json"