Dangerous vulnerability in Libgcrypt affects many Linux distributions
A dangerous vulnerability in the GNU Privacy Guard (GnuPG) encryption software allows attackers to write arbitrary data to vulnerable systems and potentially execute code. The issue was discovered on January 28, 2021 by security researcher Tavis Ormandy of Google Project Zero and affects the Libgcrypt library used by GnuPG. The vulnerability, identified as CVE-2021-3345, is a buffer overflow and affects only version 1.9.0 of the library.
Libgcrypt is an open-source cryptographic toolkit. GnuPG uses the library to encrypt and sign data and communications. Libgcrypt is used for security in many Linux distributions, such as Fedora and Gentoo.
Libgcrypt 1.9.0 users are advised to upgrade to version 1.9.1 as soon as possible.
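To check whether a host is running the affected release, the script below parses the `libgcrypt <version>` line that `gpg --version` prints and flags 1.9.0. It is an added example, not code from the article or the Libgcrypt project; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag libgcrypt 1.9.0, the only release the article lists
# as affected by CVE-2021-3345. Function names are hypothetical.

# Read `gpg --version` style text on stdin and print the libgcrypt version.
extract_libgcrypt_version() {
    sed -n 's/^libgcrypt[[:space:]]\{1,\}\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print AFFECTED / not affected / unknown for a version string.
# A distro suffix such as "-1.fc34" (constructed) is stripped first.
classify_libgcrypt() {
    cl_upstream="${1%%[-+~_]*}"
    case "$cl_upstream" in
        1.9.0)          echo "AFFECTED" ;;
        [0-9]*.[0-9]*)  echo "not affected" ;;
        *)              echo "unknown" ;;
    esac
}

# Report on `gpg --version` text from stdin; returns non-zero only when
# the affected release is found ("unknown" still needs a manual look).
check_gpg_output() {
    cgo_v="$(extract_libgcrypt_version)"
    cgo_status="$(classify_libgcrypt "$cgo_v")"
    echo "libgcrypt ${cgo_v:-?}: $cgo_status"
    [ "$cgo_status" != "AFFECTED" ]
}

# Constructed sample of `gpg --version` output (not captured from a real host).
SAMPLE_GPG_OUTPUT='gpg (GnuPG) 2.2.27
libgcrypt 1.9.0
Home: /home/user/.gnupg'

printf 'sample: '
printf '%s\n' "$SAMPLE_GPG_OUTPUT" | check_gpg_output || true

# Check the local system when gpg is installed.
if command -v gpg >/dev/null 2>&1; then
    printf 'local:  '
    gpg --version 2>/dev/null | check_gpg_output \
        || echo "Upgrade to libgcrypt 1.9.1 as the article advises."
fi
```

`gpg --version` reports the Libgcrypt version loaded at run time, so run the check again after upgrading to confirm the new library is the one in use.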
Source: securitylab.ru
03 February 2021