CVE-2016-6313
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-6313
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6313.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-6313
- Related
- Published
- 2016-12-13T20:59:04Z
- Modified
- 2024-09-11T03:56:18.594515Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
- References
-
- http://rhn.redhat.com/errata/RHSA-2016-2674.html
- http://www.debian.org/security/2016/dsa-3649
- http://www.debian.org/security/2016/dsa-3650
- http://www.securityfocus.com/bid/92527
- http://www.ubuntu.com/usn/USN-3064-1
- http://www.ubuntu.com/usn/USN-3065-1
- https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
- https://security.gentoo.org/glsa/201610-04
- https://security.gentoo.org/glsa/201612-01
- http://www.securitytracker.com/id/1036635
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- https://security.alpinelinux.org/vuln/CVE-2016-6313
- https://security-tracker.debian.org/tracker/CVE-2016-6313
Affected packages
Alpine:v3.4 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Debian:11 / gnupg1
Package
- Name
- gnupg1
- Purl
- pkg:deb/debian/gnupg1?arch=source
Debian:12 / gnupg1
Package
- Name
- gnupg1
- Purl
- pkg:deb/debian/gnupg1?arch=source
Debian:13 / gnupg1
Package
- Name
- gnupg1
- Purl
- pkg:deb/debian/gnupg1?arch=source
Debian:11 / libgcrypt20
Package
- Name
- libgcrypt20
- Purl
- pkg:deb/debian/libgcrypt20?arch=source
Debian:12 / libgcrypt20
Package
- Name
- libgcrypt20
- Purl
- pkg:deb/debian/libgcrypt20?arch=source
Debian:13 / libgcrypt20
Package
- Name
- libgcrypt20
- Purl
- pkg:deb/debian/libgcrypt20?arch=source
Git / github.com/gpg/libgcrypt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gpg/libgcrypt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
Other
DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws
libgcrypt-1.*
libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.5.1
libgcrypt-1.5.2
libgcrypt-1.5.3
libgcrypt-1.6.0