Search CVE reports


Toggle filters

11 – 20 of 21 results


CVE-2017-7526

Medium priority
Fixed

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed...

4 affected packages

gnupg, gnupg1, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Fixed
gnupg1 Not affected Not in release
libgcrypt11 Not in release Not in release
libgcrypt20 Not affected Fixed
Show less packages

CVE-2017-9526

Low priority
Fixed

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this...

2 affected packages

libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgcrypt11 Not in release Not in release
libgcrypt20 Not affected Fixed
Show less packages

CVE-2016-9427

Medium priority
Fixed

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.

1 affected package

libgc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgc Fixed
Show less packages

CVE-2016-6313

High priority
Fixed

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...

4 affected packages

gnupg, gnupg2, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Fixed
gnupg2 Not affected Not affected
libgcrypt11 Not in release Not in release
libgcrypt20 Fixed Fixed
Show less packages

CVE-2015-7511

Medium priority
Fixed

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

2 affected packages

libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgcrypt11 Not in release Not in release
libgcrypt20 Not affected Not affected
Show less packages

CVE-2015-0837

Low priority
Fixed

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
libgcrypt20
Show less packages

CVE-2014-3591

Low priority
Fixed

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
libgcrypt20
Show less packages

CVE-2014-5270

Medium priority
Fixed

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
libgcrypt20
Show less packages

CVE-2007-6755

Low priority
Ignored

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might...

10 affected packages

bouncycastle, gnutls26, gnutls28, libgcrypt11, mbedtls...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bouncycastle Not affected Not affected
gnutls26 Not in release Not in release
gnutls28 Not affected Not affected
libgcrypt11 Not in release Not in release
mbedtls Not affected Not affected
nss Not affected Not affected
openssl Not affected Not affected
openssl098 Not in release Not in release
polarssl Not in release Not in release
python-crypto Not affected Not affected
Show all 10 packages Show less packages

CVE-2013-4242

Medium priority
Fixed

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

2 affected packages

gnupg, libgcrypt11

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
Show less packages