“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library
Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard (GnuPG) free encryption software, has a “severe” security vulnerability and should not be used, warned Werner Koch.
Libgcrypt vulnerability warning
Libgcrypt is a general purpose cryptographic library used by GnuPG, but some other encryption software also employ it.
Koch, who is the principal developer behind GnuPG and the author of Libgcrypt, sent the urgent warning via the project’s mailing list.
Libgcrypt 1.9.0 was released on January 19 and was meant to be integrated in the upcoming GnuPG 2.3 release.
In preparation of a GnuPG 2.3 release #Libgcrypt version 1.9.0 has been released today. After nearly 4 years of hard but also interesting work his performance improvements are now up for general consumption; see https://t.co/zkhysc2t88
— GNU Privacy Guard (@gnupg) January 19, 2021
Koch did not explain the nature of the reported vulnerability, just warned users to stop using the cryptographic library and announced that a new version with a fix (as well as fixes for a couple build problems) will be released later today.
He also noted that Fedora 34 (scheduled to be released in April 2021) and Gentoo Linux are already using the vulnerable version.
UPDATE (January 26, 2021, 03:30 a.m. PT):
Koch has provided more information about the critical vulnerability (which still doesn’t have a CVE): it’s a heap buffer overflow due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs.
It was discovered and flagged by Google Project Zero researcher Tavis Ormandy and affects only Libgcrypt v1.9.0.
“Exploiting this bug is simple and thus immediate action for 1.9.0 users is required,” Koch noted. “The 1.9.0 tarballs on our FTP server have
been renamed so that scripts won’t be able to get this version anymore.”
Version 1.9.1, which fixes the flaw, is available for download.