CVE-2016-6313

MEDIUM5.3EPSS 2.7%

libgcrypt20 - security update

發布日:2016/12/13修改日:2026/4/28

描述

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

受影響套件(7)

Alpine/libgcryptfrom 0, < 1.7.0-r1
Debian/gnupgfrom 0, < 1.4.12-7+deb7u8
Debian/gnupgfrom 0, < 1.4.18-7+deb8u2
Debian/gnupg1from 0, < 1.4.21-1
Debian/libgcrypt11from 0, < 1.5.0-5+deb7u5
Debian/libgcrypt20from 0, < 1.7.3-1
Debian/libgcrypt20from 0, < 1.6.3-2+deb8u2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6313
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6313