CVE-2016-6313

Published: Dec 13, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Affected (15)

Products: Gnupg: Libgcrypt, Gnupg · Debian: Debian Linux · Canonical: Ubuntu Linux

2 products

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Gnupg Libgcrypt	Up to 1.5.3
Gnupg Libgcrypt	Version 1.6.0
Gnupg Libgcrypt	Version 1.6.1
Gnupg Libgcrypt	Version 1.6.2
Gnupg Libgcrypt	Version 1.6.3
Gnupg Libgcrypt	Version 1.6.4
Gnupg Libgcrypt	Version 1.6.5
Gnupg Libgcrypt	Version 1.7.0
Gnupg Libgcrypt	Version 1.7.1
Gnupg Libgcrypt	Version 1.7.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Gnupg Gnupg	Up to 1.4.14

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://rhn.redhat.com/errata/RHSA-2016-2674.html

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3649

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3650

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/92527

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036635

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-3064-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-3065-1

Source: secalert@redhat.com

Third Party Advisory

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS

Source: secalert@redhat.com

https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html

Source: secalert@redhat.com

Mailing ListVendor Advisory

https://security.gentoo.org/glsa/201610-04

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201612-01

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2674.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3649

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2016/dsa-3650

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/92527

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036635

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-3064-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-3065-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://security.gentoo.org/glsa/201610-04

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201612-01

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.