[Forgot Password]
Login  Register Subscribe

25354

 
 

132811

 
 

146396

 
 

909

 
 

117043

 
 

156

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2016-6313Date: (C)2016-12-16   (M)2020-03-27


The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1036635
BID-92527
DSA-3649
DSA-3650
GLSA-201610-04
GLSA-201612-01
RHSA-2016:2674
USN-3064-1
USN-3065-1
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS

CPE    15
cpe:/a:gnupg:gnupg:1.4.14
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/a:gnupg:libgcrypt:1.6.0
cpe:/a:gnupg:libgcrypt:1.6.1
...
CWE    1
CWE-200
OVAL    17
oval:org.secpod.oval:def:111259
oval:org.secpod.oval:def:1501649
oval:org.secpod.oval:def:1600447
oval:org.secpod.oval:def:111311
...

© SecPod Technologies