CVE-2021-40530

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

References

Affected packages

Git / github.com/weidai11/cryptopp

Affected ranges

Type

GIT

Repo

https://github.com/weidai11/cryptopp

Events

Introduced

Last affected

f2102243e6fdd48c0b2a393a0993cca228f20573

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5"
        }
    ]
}

Affected versions

Other

CRYPTOPP_5_0

CRYPTOPP_5_1

CRYPTOPP_5_2

CRYPTOPP_5_2_1

CRYPTOPP_5_2_3

CRYPTOPP_5_3_0

CRYPTOPP_5_4

CRYPTOPP_5_5

CRYPTOPP_5_5_1

CRYPTOPP_5_5_2

CRYPTOPP_5_6_0

CRYPTOPP_5_6_1

CRYPTOPP_5_6_2

CRYPTOPP_5_6_3

CRYPTOPP_5_6_4

CRYPTOPP_5_6_5

CRYPTOPP_6_0_0

CRYPTOPP_7_0_0

CRYPTOPP_8_0_0

CRYPTOPP_8_1_0

CRYPTOPP_8_2_0

CRYPTOPP_8_3_0

CRYPTOPP_8_4_0

CRYPTOPP_8_5_0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40530.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]