DEBIAN-CVE-2016-6313

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2016-6313

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2016-6313.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2016-6313

Upstream

CVE-2016-6313

Published

2016-12-13T20:59:04Z

Modified

2025-09-25T22:40:32Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

References

https://security-tracker.debian.org/tracker/CVE-2016-6313

Affected packages

Debian:11

gnupg1

Package

Name: gnupg1
Purl: pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libgcrypt20

Package

Name: libgcrypt20
Purl: pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

gnupg1

Package

Name: gnupg1
Purl: pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libgcrypt20

Package

Name: libgcrypt20
Purl: pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

gnupg1

Package

Name: gnupg1
Purl: pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libgcrypt20

Package

Name: libgcrypt20
Purl: pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

gnupg1

Package

Name: gnupg1
Purl: pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libgcrypt20

Package

Name: libgcrypt20
Purl: pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}