CVE-2016-6313

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Published: Dec 13, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-6313
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
gnupg / libgcrypt	1.6.1	1.6.1.x
gnupg / libgcrypt	1.7.0	1.7.0.x
gnupg / libgcrypt	1.7.2	1.7.2.x
gnupg / libgcrypt	-	1.5.3.x
gnupg / libgcrypt	1.6.3	1.6.3.x
gnupg / libgcrypt	1.6.4	1.6.4.x
gnupg / libgcrypt	1.6.2	1.6.2.x
gnupg / libgcrypt	1.7.1	1.7.1.x
gnupg / libgcrypt	1.6.5	1.6.5.x
gnupg / libgcrypt	1.6.0	1.6.0.x
debian / debian_linux	8.0	8.0.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
gnupg / gnupg	-	1.4.14.x

Vulnerability Database

289,697

CVE-2016-6313