{"id":"CVE-2021-40530","details":"The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.","modified":"2026-04-16T04:34:24.170302246Z","published":"2021-09-06T19:15:07.673Z","related":["openSUSE-SU-2024:10933-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57OJA2K5AHX5HAU2QBDRWLGIIUX7GASC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGVBZ2TTRKCTYAZTRHTF6OBD4W37F5MT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJYOZGWI7TD27SEXILSM6VUTPPEICDL7/"},{"type":"ADVISORY","url":"https://eprint.iacr.org/2021/923"},{"type":"ADVISORY","url":"https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1"},{"type":"EVIDENCE","url":"https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/weidai11/cryptopp","events":[{"introduced":"0"},{"last_affected":"f2102243e6fdd48c0b2a393a0993cca228f20573"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.5"}]}}],"versions":["CRYPTOPP_5_0","CRYPTOPP_5_1","CRYPTOPP_5_2","CRYPTOPP_5_2_1","CRYPTOPP_5_2_3","CRYPTOPP_5_3_0","CRYPTOPP_5_4","CRYPTOPP_5_5","CRYPTOPP_5_5_1","CRYPTOPP_5_5_2","CRYPTOPP_5_6_0","CRYPTOPP_5_6_1","CRYPTOPP_5_6_2","CRYPTOPP_5_6_3","CRYPTOPP_5_6_4","CRYPTOPP_5_6_5","CRYPTOPP_6_0_0","CRYPTOPP_7_0_0","CRYPTOPP_8_0_0","CRYPTOPP_8_1_0","CRYPTOPP_8_2_0","CRYPTOPP_8_3_0","CRYPTOPP_8_4_0","CRYPTOPP_8_5_0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40530.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}