The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Gnupg
  • Gnupg
  • Libgcrypt
Debian
  • Debian Linux
Canonical
  • Ubuntu Linux

Configuration 1 [-]

OR cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.7.2:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 4 [-]

cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2016-2674.html
http://www.debian.org/security/2016/dsa-3649 Third Party Advisory
http://www.debian.org/security/2016/dsa-3650 Third Party Advisory
http://www.securityfocus.com/bid/92527 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036635
http://www.ubuntu.com/usn/USN-3064-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-3065-1 Third Party Advisory
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html Mailing List Vendor Advisory
https://security.gentoo.org/glsa/201610-04
https://security.gentoo.org/glsa/201612-01
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-12-13T20:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6313

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-12-13T20:59:04.267

Modified: 2023-11-07T02:33:57.647

Link: CVE-2016-6313

JSON object: View

cve-icon Redhat Information

No data.

CWE