CVE-2016-6313
Summary
| CVE | CVE-2016-6313 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-12-13 20:59:00 UTC |
| Updated | 2023-11-07 02:33:00 UTC |
| Description | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Gnupg | Gnupg | All | All | All | All |
| Application | Gnupg | Libgcrypt | 1.6.0 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.6.1 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.6.2 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.6.3 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.6.4 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.6.5 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.7.0 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.7.1 | All | All | All |
| Application | Gnupg | Libgcrypt | 1.7.2 | All | All | All |
| Application | Gnupg | Libgcrypt | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.gnupg.org Git | git.gnupg.org | | |
| USN-3065-1: Libgcrypt vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| GnuPG: RNG output is predictable (GLSA 201612-01) — Gentoo security | GENTOO | security.gentoo.org | |
| Debian -- Security Information -- DSA-3650-1 libgcrypt20 | DEBIAN | www.debian.org | Third Party Advisory |
| GnuPG Flaw in Random Number Generator Mixing Functions Lets Users Predict Some Output - SecurityTracker | SECTRACK | www.securitytracker.com | |
| git.gnupg.org/cgi-bin/gitweb.cgi | CONFIRM | git.gnupg.org | Vendor Advisory |
| USN-3064-1: GnuPG vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Debian -- Security Information -- DSA-3649-1 gnupg | DEBIAN | www.debian.org | Third Party Advisory |
| [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316] | MLIST | lists.gnupg.org | Mailing List, Vendor Advisory |
| libgcrypt: Multiple vulnerabilities (GLSA 201610-04) — Gentoo Security | GENTOO | security.gentoo.org | |
| GnuPG and Libgcrypt CVE-2016-6313 Local Predictable Random Number Generator Weakness | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.