CVE-2016-6313
- Source
- https://cve.org/CVERecord?id=CVE-2016-6313
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6313.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-6313
- Downstream
- Related
- Published
- 2016-12-13T20:59:04.267Z
- Modified
- 2026-05-28T04:03:18.807854720Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "1.4.14" } ], "cpes": [ "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*" ], "source": "CPE_RANGE", "vendor_product": "gnupg:gnupg" }, { "extracted_events": [ { "last_affected": "12.04" }, { "last_affected": "14.04" }, { "last_affected": "16.04" } ], "cpes": [ "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" ], "source": "CPE_STRING", "vendor_product": "canonical:ubuntu_linux" }, { "extracted_events": [ { "last_affected": "8.0" } ], "cpes": [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "vendor_product": "debian:debian_linux" } ] }- References
-
- http://www.securitytracker.com/id/1036635
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- http://rhn.redhat.com/errata/RHSA-2016-2674.html
- http://www.debian.org/security/2016/dsa-3649
- http://www.debian.org/security/2016/dsa-3650
- http://www.securityfocus.com/bid/92527
- http://www.ubuntu.com/usn/USN-3064-1
- http://www.ubuntu.com/usn/USN-3065-1
- https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
- https://security.gentoo.org/glsa/201610-04
- https://security.gentoo.org/glsa/201612-01
Affected packages
Git / git.gnupg.org/libgcrypt.git
Affected ranges
- Type
- GIT
- Repo
- git://git.gnupg.org/libgcrypt.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.7.2:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.5.3" }, { "last_affected": "1.6.0" }, { "last_affected": "1.6.1" }, { "last_affected": "1.6.2" }, { "last_affected": "1.6.3" }, { "last_affected": "1.6.4" }, { "last_affected": "1.6.5" }, { "last_affected": "1.7.0" }, { "last_affected": "1.7.1" }, { "last_affected": "1.7.2" } ], "source": [ "CPE_RANGE", "CPE_STRING" ] }
Affected versions
Other
DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws
libgcrypt-1.*
libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.5.1
libgcrypt-1.5.2
libgcrypt-1.5.3
libgcrypt-1.6.0
libgcrypt-1.6.1
libgcrypt-1.6.2
libgcrypt-1.6.3
libgcrypt-1.6.4
libgcrypt-1.6.5
libgcrypt-1.7.0
libgcrypt-1.7.1
libgcrypt-1.7.2
Git / github.com/gpg/libgcrypt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gpg/libgcrypt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnupg:libgcrypt:1.7.2:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.5.3" }, { "last_affected": "1.6.0" }, { "last_affected": "1.6.1" }, { "last_affected": "1.6.2" }, { "last_affected": "1.6.3" }, { "last_affected": "1.6.4" }, { "last_affected": "1.6.5" }, { "last_affected": "1.7.0" }, { "last_affected": "1.7.1" }, { "last_affected": "1.7.2" } ], "source": [ "CPE_RANGE", "CPE_STRING" ] }
Affected versions
Other
DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws
libgcrypt-1.*
libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.5.1
libgcrypt-1.5.2
libgcrypt-1.5.3
libgcrypt-1.6.0
libgcrypt-1.6.1
libgcrypt-1.6.2
libgcrypt-1.6.3
libgcrypt-1.6.4
libgcrypt-1.6.5
libgcrypt-1.7.0
libgcrypt-1.7.1
libgcrypt-1.7.2