Candidate: CVE-2021-3345
PublicDate: 2021-01-29 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3345
 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
 https://gnupg.org
 https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
 https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Description:
 _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0
 has a heap-based buffer overflow when the digest final function sets a
 large count value. It is recommended to upgrade to 1.9.1 or later.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_libgcrypt20:
upstream_libgcrypt20: released (1.9.1)
precise/esm_libgcrypt20: DNE
trusty_libgcrypt20: ignored (out of standard support)
trusty/esm_libgcrypt20: DNE
xenial_libgcrypt20: not-affected (1.6.5-2ubuntu0.6)
esm-infra/xenial_libgcrypt20: not-affected (1.6.5-2ubuntu0.6)
bionic_libgcrypt20: not-affected (1.8.1-4ubuntu1.2)
focal_libgcrypt20: not-affected (1.8.5-5ubuntu1)
groovy_libgcrypt20: not-affected (1.8.5-5ubuntu2)
devel_libgcrypt20: not-affected (1.8.7-2ubuntu1)

Patches_libgcrypt11:
upstream_libgcrypt11: needs-triage
precise/esm_libgcrypt11: not-affected (1.5.0-3ubuntu0.9)
trusty_libgcrypt11: ignored (out of standard support)
trusty/esm_libgcrypt11: not-affected (1.5.3-2ubuntu4.6+esm1)
xenial_libgcrypt11: DNE
bionic_libgcrypt11: DNE
focal_libgcrypt11: DNE
groovy_libgcrypt11: DNE
devel_libgcrypt11: DNE