CVE-2021-3345

HIGH

Libgcrypt 1.9.0 - Heap-Based Buffer Overflow in _gcry_md_block_write

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-3345. PoCs published by MLGRadish, SpiralBL0CK.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-3345, a vulnerability in Libgcrypt 1.9.0. The exploit leverages a buffer overflow in the gcry_md_write function to achieve arbitrary code execution by overwriting a function pointer.

Description

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

Exploits (2)

nomisec WORKING POC 9 stars

by MLGRadish · poc

https://github.com/MLGRadish/CVE-2021-3345

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-3345, a vulnerability in Libgcrypt 1.9.0. The exploit leverages a buffer overflow in the gcry_md_write function to achieve arbitrary code execution by overwriting a function pointer.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Libgcrypt 1.9.0

No auth needed

Prerequisites: Libgcrypt 1.9.0 installed · Compilation environment with clang and necessary libraries

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 3 stars

by SpiralBL0CK · poc

https://github.com/SpiralBL0CK/CVE-2021-3345