Severe Bug in Libgcrypt Encryption Library

The flaw was discovered on January 28th by Travis Ormandy of Project Zero, which is a security research unti within Google. It was found in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software, and potentially allowed attackers to write arbitrary data to the target machine. This is a severe vulnerability, which could lead to remote code execution.

Fortunately, no other version of Libcgrypt seem to be affected by the vulnerability and GnuPG addressed the weakness almost immediately. Within.a day after disclosure, users were urged to stop using the vulnerable version, in hopes to avoid any further damage.


Article Rating