Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 811915 (CVE-2021-40530) - <dev-libs/crypto++-8.6.0: ElGamal plaintext recovery (CVE-2021-40530)
Summary: <dev-libs/crypto++-8.6.0: ElGamal plaintext recovery (CVE-2021-40530)
Alias: CVE-2021-40530
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa? cleanup]
Depends on: 817932
  Show dependency tree
Reported: 2021-09-07 01:44 UTC by John Helmert III
Modified: 2021-10-16 23:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-09-07 01:44:37 UTC
CVE-2021-40530 (,

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

No references to upstream in CVE references so not sure what needs to be done.
Comment 1 John Helmert III gentoo-dev Security 2021-09-25 18:36:23 UTC
8.6.0 claims to finally fix this.