CVE-2016-6313

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-6313
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6313.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-6313
Related
Published
2016-12-13T20:59:04Z
Modified
2024-10-12T02:08:58.443437Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

References

Affected packages

Alpine:v3.4 / libgcrypt

Package

Name
libgcrypt
Purl
pkg:apk/alpine/libgcrypt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0-r1

Affected versions

1.*

1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0

Debian:11 / gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gpg/libgcrypt

Affected ranges

Affected versions

Other

DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws

libgcrypt-1.*

libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.5.1
libgcrypt-1.5.2
libgcrypt-1.5.3
libgcrypt-1.6.0