CVE-2021-33560
CVE Details
Visit the official vulnerability details page for CVE-2021-33560 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libgcrypt20
NIST CVE Summary
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
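The exponent blinding named in the summary above, sketched as an added example (not libgcrypt's code and not part of the original advisory). The toy prime, base, and all function names are assumptions chosen for illustration, and Python's `pow` only stands in for `mpi_powm`.

```python
import secrets

# Toy parameters, constructed for illustration: 2**127 - 1 is prime but far
# too small for real use, and G is simply a fixed base.
P = 2**127 - 1
G = 3
ORDER = P - 1  # order of the multiplicative group modulo P


def keygen():
    """Return (private exponent x, public value G^x mod P)."""
    x = secrets.randbelow(ORDER - 2) + 2
    return x, pow(G, x, P)


def encrypt(h, m):
    """Textbook ElGamal: (G^k, m * h^k) with a fresh ephemeral k."""
    k = secrets.randbelow(ORDER - 2) + 2
    return pow(G, k, P), (m * pow(h, k, P)) % P


def blind_exponent(x, blind_bits=64):
    """Return x + r*ORDER for a fresh random nonzero r.

    c^ORDER == 1 (mod P) for any c coprime to P, so the result of the
    exponentiation is unchanged while the exponent bits processed by the
    modular exponentiation differ on every call.
    """
    r = secrets.randbits(blind_bits) | 1
    return x + r * ORDER


def decrypt_unblinded(x, c1, c2):
    # The same secret exponent bits drive the exponentiation every time.
    s = pow(c1, x, P)
    return (c2 * pow(s, P - 2, P)) % P


def decrypt_blinded(x, c1, c2):
    # A fresh blinded exponent is used for each operation.
    s = pow(c1, blind_exponent(x), P)
    return (c2 * pow(s, P - 2, P)) % P
```

This shows only the arithmetic of blinding; it is not a constant-time implementation and does not cover the window-size part of the issue.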
CVE Severity
Our Official Summary
This flaw allows an attacker to decrypt parts of ciphertext encrypted using ElGamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality.
Containers where this vulnerability is reported do not allow execution of arbitrary code, and the flaw cannot be exploited through remote execution. Even then, the risk of exploitation is low because containers restrict the attack surface.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
12/12/2024 | Official summary added |