A “severe” vulnerability in GNU Privacy Guard’s (GnuPG) Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution.
The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware systems and software.
No other version of Libgcrypt is affected by the vulnerability.
“There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer handling code,” Ormandy said. “The simple act of decrypting some data can overflow a heap buffer with data controlled by an attacker; no verification or signature is validated until the vulnerability occurs.”
GnuPG fixed the weakness almost immediately, within a day of disclosure, while urging users to stop using the vulnerable version. The latest version is available from GnuPG.
The Libgcrypt library is an open-source cryptographic toolkit offered as part of the GnuPG software suite for encrypting and signing data and communications. An implementation of OpenPGP, it is used for digital security in many Linux distributions such as Fedora and Gentoo, although it is not as widely used as OpenSSL or LibreSSL.
According to GnuPG, the bug appears to have been introduced two years ago, during the development of version 1.9.0, as part of a change to “reduce the overhead of the generic hash write function”, but it was only spotted last week by Google Project Zero.
In practice, all an attacker needs to do to trigger this critical flaw is send the library a specially crafted chunk of data for decryption. The resulting heap overflow can trick the application into executing an arbitrary fragment of embedded malicious code (aka shellcode), or simply crash the program (in this case, gpg) that relies on the Libgcrypt library.
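The bug class behind this advisory, a block buffer that assumes incoming data always fits in the free space, is easy to see in a small constructed example. The code below is an added illustration, not Libgcrypt's code: the context, block size, `unsafe_write` and `safe_write` are all hypothetical. It shows a streaming writer that trusts the caller's length (and so writes past a heap-allocated block buffer when fed a longer input) next to a hardened writer that clamps each copy to the remaining space and processes full blocks in a loop.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define BLOCKSIZE 64   /* hypothetical block size of a streaming hash/cipher */

/* Constructed context: partial input accumulates in buf until a full block
 * is available; count is the number of bytes currently buffered. */
typedef struct {
    uint8_t buf[BLOCKSIZE];
    size_t count;
    size_t blocks_done;   /* stands in for real block processing */
} blk_ctx;

static void process_block(blk_ctx *c)
{
    /* A real implementation would compress/transform c->buf here. */
    c->blocks_done++;
    c->count = 0;
}

/* Unsafe writer (illustration only): it assumes the caller never supplies
 * more than BLOCKSIZE - count bytes at once. Any longer input is copied
 * straight past the end of buf, which is a heap overflow whenever the
 * context lives on the heap and the input is attacker-controlled. */
void unsafe_write(blk_ctx *c, const uint8_t *in, size_t inlen)
{
    memcpy(c->buf + c->count, in, inlen);   /* no bound on inlen */
    c->count += inlen;
    if (c->count == BLOCKSIZE)
        process_block(c);
}

/* Hardened writer: never copies more than the free space in buf, processes
 * each completed block, and loops until all input is consumed. Returns the
 * number of bytes consumed, which is always inlen. */
size_t safe_write(blk_ctx *c, const uint8_t *in, size_t inlen)
{
    size_t consumed = 0;
    while (consumed < inlen) {
        size_t space = BLOCKSIZE - c->count;   /* free bytes in buf */
        size_t n = inlen - consumed;
        if (n > space)
            n = space;                         /* clamp to what fits */
        memcpy(c->buf + c->count, in + consumed, n);
        c->count += n;
        consumed += n;
        if (c->count == BLOCKSIZE)
            process_block(c);
    }
    return consumed;
}

int main(void)
{
    /* Constructed input: 100 bytes, more than one block, fed in one call. */
    uint8_t data[100];
    for (size_t i = 0; i < sizeof data; i++)
        data[i] = (uint8_t)i;

    blk_ctx *ctx = calloc(1, sizeof *ctx);     /* context on the heap */
    if (!ctx)
        return 1;
    safe_write(ctx, data, sizeof data);
    printf("blocks processed: %zu, bytes buffered: %zu\n",
           ctx->blocks_done, ctx->count);      /* 1 and 36 */
    /* unsafe_write(ctx_fresh, data, 100) would copy 36 bytes past buf. */
    free(ctx);
    return 0;
}
```

The defensive point is the clamp: the writer, not the caller, is responsible for the invariant `count <= BLOCKSIZE`, and a reviewer should look for any path where an externally supplied length reaches `memcpy` without being compared to the remaining space.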
“Exploiting this bug is straightforward and therefore immediate action for version 1.9.0 users is required,” noted Libgcrypt author Werner Koch. “The 1.9.0 tar archives on our FTP server have been renamed so that scripts cannot get this version anymore.”
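Since only the 1.9.0 release is affected, the practical check on a host is simply to find out which Libgcrypt is installed. The script below is an added example, not part of the advisory; it assumes `libgcrypt-config` (shipped with Libgcrypt) or `gpg` is on PATH, and the function `libgcrypt_is_affected` strips a packaging suffix such as `1.9.0-1` before comparing.

```shell
#!/bin/sh
# Returns 0 (true) when the given Libgcrypt version string is the affected
# 1.9.0 release, 1 otherwise. A distribution suffix ("1.9.0-1") is ignored.
libgcrypt_is_affected() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    [ "$v" = "1.9.0" ]
}

# Prints the installed Libgcrypt version. Prefers libgcrypt-config; falls back
# to the "libgcrypt X.Y.Z" line that gpg --version prints. Fails if neither
# tool is available.
installed_libgcrypt_version() {
    if command -v libgcrypt-config >/dev/null 2>&1; then
        libgcrypt-config --version
    elif command -v gpg >/dev/null 2>&1; then
        gpg --version 2>/dev/null | awk '/^libgcrypt/ { print $2; exit }'
    else
        return 1
    fi
}

# Exit status: 0 not affected, 1 affected, 2 could not determine version.
check_installed() {
    v=$(installed_libgcrypt_version) || v=""
    if [ -z "$v" ]; then
        echo "libgcrypt: version could not be determined (no libgcrypt-config or gpg on PATH)"
        return 2
    fi
    if libgcrypt_is_affected "$v"; then
        echo "libgcrypt $v: affected 1.9.0 release, upgrade required"
        return 1
    fi
    echo "libgcrypt $v: not the affected 1.9.0 release"
    return 0
}

# Run the host check only when invoked as: sh libgcrypt_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed
    exit $?
fi
```

The exit status makes the script usable from configuration-management or fleet-inventory jobs, where a non-zero result flags the host for an upgrade rather than relying on someone reading the message.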