A Severe Bug Impacts Many Projects — Libgcrypt


A severe vulnerability has been found in Libgcrypt, and users are advised not to use the affected version.

Libgcrypt 1.9.0 Vulnerability

Tavis Ormandy of Project Zero discovered a flaw that affects version 1.9.0 of Libgcrypt.

Libgcrypt 1.9.0 is the newest version of the cryptographic library integrated in the GNU Privacy Guard (GnuPG) free encryption software.

Koch did not explain the nature of the reported vulnerability and warned against using the version.

The Libgcrypt 1.9.0 vulnerability is a heap buffer overflow caused by an incorrect assumption in the block buffer management code.

Just decrypting some data can overflow a heap buffer with attacker-controlled data; no verification or signature is validated before the vulnerability occurs.


“Exploiting this bug is simple and thus immediate action for 1.9.0 users is required,” Koch noted.

He further added, “The 1.9.0 tarballs on our FTP server have been renamed so that scripts won’t be able to get this version anymore.”

Also, Fedora 34 (scheduled to be released in April 2021) and Gentoo Linux are already using the vulnerable version.

Security Recommendations:

No other Libgcrypt versions are affected.

He also mentioned that a newer version with a fix (as well as fixes for a couple of build problems) will be released later.

Version 1.9.1, which fixes the flaw, is available for download.
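One way to check hosts against the recommendation above, as an added example that is not from the article or the Libgcrypt project: it flags version strings whose upstream version is exactly 1.9.0 and asks the locally installed library for its version through `gcry_check_version`. The package strings are constructed samples, and a distribution build of 1.9.0 that carries a backported fix would still be flagged and needs manual review.

```python
import ctypes
import ctypes.util
import re

AFFECTED = (1, 9, 0)  # the only affected release, per the article
FIXED = "1.9.1"       # release that fixes the flaw, per the article

def upstream_version(text):
    """Extract the upstream x.y.z from a bare or packaged version string."""
    # Lookarounds stop "1.9.0" from matching inside "11.9.0" or "1.9.0.1".
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])", text)
    return tuple(int(g) for g in m.groups()) if m else None

def is_affected(text):
    """True only when the upstream version is exactly 1.9.0."""
    return upstream_version(text) == AFFECTED

def runtime_version():
    """Version reported by the libgcrypt this host would load, or None."""
    name = ctypes.util.find_library("gcrypt")
    if name is None:
        return None
    try:
        lib = ctypes.CDLL(name)
    except OSError:
        return None
    lib.gcry_check_version.restype = ctypes.c_char_p
    lib.gcry_check_version.argtypes = [ctypes.c_char_p]
    ver = lib.gcry_check_version(None)  # NULL: return version, no minimum check
    return ver.decode() if ver else None

if __name__ == "__main__":
    # Constructed sample inventory lines (not taken from any real host).
    samples = [
        "libgcrypt-1.9.0-1.fc34.x86_64",
        "dev-libs/libgcrypt-1.9.1",
        "libgcrypt20 1.8.7-6",
    ]
    for s in samples:
        state = f"AFFECTED, move to {FIXED}" if is_affected(s) else "not 1.9.0"
        print(f"{s}: {state}")
    rt = runtime_version()
    if rt is None:
        print("libgcrypt not found on this host")
    else:
        state = f"AFFECTED, move to {FIXED}" if is_affected(rt) else "not 1.9.0"
        print(f"installed libgcrypt {rt}: {state}")
```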

February 1st, 2021 | Security Update, Software Issues

About the Author:

FirstHackersNews- Identifies Security

One Comment

  1. Parbriz Iveco, February 9, 2021 at 10:03 am

    Wonderful article! This is the kind of info that should be shared across the internet.
    Disgrace on Google for not positioning this put up higher!
