CVEs-PoC/2021/CVE-2021-33560.md

### [CVE-2021-33560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html

#### Github
- https://github.com/1g-v/DevSec_Docker_lab
- https://github.com/ARPSyndicate/cvemon
- https://github.com/IBM/PGP-client-checker-CVE-2021-33560
- https://github.com/L-ivan7/-.-DevSec_Docker
- https://github.com/PajakAlexandre/wik-dps-tp02
- https://github.com/brandoncamenisch/release-the-code-litecoin
- https://github.com/cdupuis/image-api
- https://github.com/epequeno/devops-demo
- https://github.com/fokypoky/places-list
- https://github.com/kenlavbah/log4jnotes
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/marklogic/marklogic-kubernetes
- https://github.com/mmbazm/secure_license_server
- https://github.com/n0-traces/cve_monitor
- https://github.com/onzack/trivy-multiscanner