CVE-2021-3345 - OpenCVE

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Communications Billing And Revenue Management
Gnupg	Libgcrypt

Configuration 1 [-]

cpe:2.3:a:gnupg:libgcrypt:1.9.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.gentoo.org/show_bug.cgi?id=767814	Issue Tracking Vendor Advisory
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08
https://gnupg.org	Vendor Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html	Mailing List Vendor Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html	Mailing List Patch Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-29T14:20:31

Updated: 2021-07-20T22:56:42

Reserved: 2021-01-29T00:00:00

Link: CVE-2021-3345

JSON object: View

NVD Information

Status : Modified

Published: 2021-01-29T15:15:13.083

Modified: 2023-11-07T03:37:58.550

Link: CVE-2021-3345

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T22:56:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"tags": ["x_refsource_MISC"], "url": "https://gnupg.org"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3345", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08", "refsource": "MISC", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08"}, {"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html", "refsource": "MISC", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"name": "https://gnupg.org", "refsource": "MISC", "url": "https://gnupg.org"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=767814", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3345", "datePublished": "2021-01-29T14:20:31", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2021-07-20T22:56:42", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:libgcrypt:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C089126-C397-4D68-A2E5-AC0F4973AC1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later."}, {"lang": "es", "value": "La funci\u00f3n _gcry_md_block_write en el archivo cipher/hash-common.c en la versi\u00f3n 1.9.0 de Libgcrypt tiene un desbordamiento de b\u00fafer basado en la pila cuando la funci\u00f3n final del resumen establece un valor de recuento grande. Se recomienda actualizar a la versi\u00f3n 1.9.1 o posterior."}], "id": "CVE-2021-3345", "lastModified": "2023-11-07T03:37:58.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-29T15:15:13.083", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=767814"}, {"source": "cve@mitre.org", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://gnupg.org"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}