{"id":"CVE-2021-3345","details":"_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.","modified":"2026-07-08T05:59:20.217877399Z","published":"2021-01-29T15:15:13.083Z","related":["openSUSE-SU-2024:10941-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"12.0.0.3.0"},{"last_affected":"12.0.0.3.0"}],"cpes":["cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*"],"source":"CPE_STRING","vendor_product":"oracle:communications_billing_and_revenue_management"}]},"references":[{"type":"WEB","url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=512c0c75276949f13b6373b5c04f7065af750b08"},{"type":"ADVISORY","url":"https://gnupg.org"},{"type":"ADVISORY","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"REPORT","url":"https://bugs.gentoo.org/show_bug.cgi?id=767814"},{"type":"FIX","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"git://git.gnupg.org/libgcrypt.git","events":[{"introduced":"0dc49af9b5371c5e2f766b70c3bede2b10db9f7e"},{"last_affected":"0dc49af9b5371c5e2f766b70c3bede2b10db9f7e"}],"database_specific":{"extracted_events":[{"introduced":"1.9.0"},{"last_affected":"1.9.0"}],"source":"CPE_STRING","cpe":"cpe:2.3:a:gnupg:libgcrypt:1.9.0:*:*:*:*:*:*:*"}}],"versions":["1.9.0","libgcrypt-1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3345.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/gpg/libgcrypt","events":[{"introduced":"0dc49af9b5371c5e2f766b70c3bede2b10db9f7e"},{"last_affected":"0dc49af9b5371c5e2f766b70c3bede2b10db9f7e"}],"database_specific":{"extracted_events":[{"introduced":"1.9.0"},{"last_affected":"1.9.0"}],"source":"CPE_STRING","cpe":"cpe:2.3:a:gnupg:libgcrypt:1.9.0:*:*:*:*:*:*:*"}}],"versions":["1.9.0","libgcrypt-1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3345.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}