CVE-2021-40529

MEDIUM
Published Sep 6, 2021 (4y ago) · Modified Jun 17, 2026 (2w ago)
5.9 CVSS 3.1

Description

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

CVSS Details

Base Score: 5.9
Exploitability: 2.2
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-327

Affected Products 4

Vendor          Product       Version   Range
botan_project   botan         *         ≤2.18.1
fedoraproject   fedora        34        any
fedoraproject   fedora        35        any
mozilla         thunderbird   *         <91.12.0

References 7

  • eprint.iacr.org https://eprint.iacr.org/2021/923
    Technical Description, Third Party Advisory
  • github.com https://github.com/randombit/botan/pull/2790
    Patch, Third Party Advisory
  • ibm.github.io https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
    Third Party Advisory
  • ibm.github.io https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
    Exploit, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72NB4OLD3VHJC3YF3PEP2HKF6BYURPAO/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPHGYWNJQKWLTUWBNSFB4F66MQDIL3IB/
  • security.gentoo.org https://security.gentoo.org/glsa/202208-14
    Third Party Advisory

Remediation

  • github.com https://github.com/randombit/botan/pull/2790
    Patch, Third Party Advisory