Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NDebian
OSDebian9.0Fedora Project Fedora
OSFedoraproject3334Gnupg Libgcrypt
APPGnupg1.9.0 – 1.9.3 (bez)< 1.8.8Oracle Communications Cloud Native Core Binding Support Function
APPOracle1.11.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment
APPOracle1.10.01.9.0Oracle Communications Cloud Native Core Network Repository Function
APPOracle1.14.01.15.01.15.1Oracle Communications Cloud Native Core Network Slice Selection Function
APPOracle1.8.0Oracle Communications Cloud Native Core Service Communication Proxy
APPOracle1.15.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki