Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects
A “severe” vulnerability in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution.
The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs