Search CVE reports
11 – 20 of 21 results
CVE-2017-7526
Medium prioritylibgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed...
4 affected packages
gnupg, gnupg1, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | Not in release | Fixed |
| gnupg1 | — | — | — | Not affected | Not in release |
| libgcrypt11 | — | — | — | Not in release | Not in release |
| libgcrypt20 | — | — | — | Not affected | Fixed |
CVE-2017-9526
Low priorityIn Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this...
2 affected packages
libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgcrypt11 | — | — | — | Not in release | Not in release |
| libgcrypt20 | — | — | — | Not affected | Fixed |
CVE-2016-9427
Medium priorityInteger overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
1 affected packages
libgc
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgc | — | — | — | — | Fixed |
CVE-2016-6313
High priorityThe mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...
4 affected packages
gnupg, gnupg2, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | Not in release | Fixed |
| gnupg2 | — | — | — | Not affected | Not affected |
| libgcrypt11 | — | — | — | Not in release | Not in release |
| libgcrypt20 | — | — | — | Fixed | Fixed |
CVE-2015-7511
Medium priorityLibgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
2 affected packages
libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgcrypt11 | — | — | — | Not in release | Not in release |
| libgcrypt20 | — | — | — | Not affected | Not affected |
CVE-2015-0837
Low priorityThe mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | — | — |
| libgcrypt11 | — | — | — | — | — |
| libgcrypt20 | — | — | — | — | — |
CVE-2014-3591
Low priorityLibgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | — | — |
| libgcrypt11 | — | — | — | — | — |
| libgcrypt20 | — | — | — | — | — |
CVE-2014-5270
Medium priorityLibgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | — | — |
| libgcrypt11 | — | — | — | — | — |
| libgcrypt20 | — | — | — | — | — |
CVE-2007-6755
Low priorityThe NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might...
10 affected packages
bouncycastle, gnutls26, gnutls28, libgcrypt11, mbedtls...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bouncycastle | — | — | — | Not affected | Not affected |
| gnutls26 | — | — | — | Not in release | Not in release |
| gnutls28 | — | — | — | Not affected | Not affected |
| libgcrypt11 | — | — | — | Not in release | Not in release |
| mbedtls | — | — | — | Not affected | Not affected |
| nss | — | — | — | Not affected | Not affected |
| openssl | — | — | — | Not affected | Not affected |
| openssl098 | — | — | — | Not in release | Not in release |
| polarssl | — | — | — | Not in release | Not in release |
| python-crypto | — | — | — | Not affected | Not affected |
CVE-2013-4242
Medium priorityGnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
2 affected packages
gnupg, libgcrypt11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | — | — |
| libgcrypt11 | — | — | — | — | — |