The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
{
  "license": "CC-BY-4.0",
  "sources": [
    {
      "modified": "2025-06-09T16:15:33Z",
      "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40528",
      "id": "CVE-2021-40528",
      "imported": "2026-04-17T00:51:47.261Z",
      "published": "2021-09-06T19:15:07.587Z",
      "database_specific": {
        "status": "Modified"
      },
      "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-40528"
    }
  ]
}