[Forgot Password]
Login  Register Subscribe

25354

 
 

132804

 
 

134339

 
 

909

 
 

108885

 
 

152

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2016-6313Date: (C)2016-12-16   (M)2019-08-20


The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1036635
BID-92527
DSA-3649
DSA-3650
GLSA-201610-04
GLSA-201612-01
RHSA-2016:2674
USN-3064-1
USN-3065-1
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS

CPE    15
cpe:/a:gnupg:gnupg:1.4.14
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
cpe:/a:gnupg:libgcrypt:1.6.0
cpe:/a:gnupg:libgcrypt:1.6.1
...
CWE    1
CWE-200
OVAL    16
oval:org.secpod.oval:def:703238
oval:org.secpod.oval:def:703240
oval:org.secpod.oval:def:111259
oval:org.secpod.oval:def:1501649
...

© SecPod Technologies