The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The bug is simple to exploit, according to Google Project Zero researcher Tavis Ormandy. A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library, according to Veracode's latest State of Software Security report.
Source: https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/