Search for packages
| purl | pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-22d8-jhnm-aaad
Aliases: CVE-2017-0379 |
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. |
Affected by 6 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-2z7d-8u2h-aaaa
Aliases: CVE-2019-13627 |
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-d91d-8t7r-aaag
Aliases: CVE-2018-0495 |
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
Affected by 6 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-tegv-r6ak-aaaa
Aliases: CVE-2021-40528 |
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-vavn-12uu-aaan
Aliases: CVE-2017-7526 |
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-av6f-h7c6-aaaq | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. |
CVE-2017-9526
|
| VCID-vavn-12uu-aaan | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. |
CVE-2017-7526
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:07:54.795868+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:08:41.469909+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T15:15:55.824486+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:19:48.318302+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:09:18.716746+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:01:05.278155+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:37:23.893782+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T10:56:43.063071+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:37:28.564578+00:00 | Debian Oval Importer | Fixing | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:18:28.793066+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T02:08:44.844920+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.1.3 |
| 2025-06-21T01:20:05.455792+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | None | 36.1.3 |
| 2025-06-20T21:19:40.645333+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | None | 36.1.3 |
| 2025-06-20T20:10:53.574690+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | None | 36.1.3 |
| 2025-06-20T20:06:09.344481+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | None | 36.1.3 |
| 2025-06-20T20:04:01.900357+00:00 | Debian Oval Importer | Fixing | VCID-vavn-12uu-aaan | None | 36.1.3 |
| 2025-06-20T19:58:21.318718+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | None | 36.1.3 |
| 2025-06-08T12:22:30.477748+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:36:57.734152+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:40:09.588046+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T08:09:44.404171+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:14:22.717403+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:04:09.055485+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:56:01.788908+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:34:43.096064+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:30:06.622457+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:18:20.203721+00:00 | Debian Oval Importer | Fixing | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:06:03.257745+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T19:32:28.542182+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.1.0 |
| 2025-06-07T18:42:52.232439+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | None | 36.1.0 |
| 2025-06-07T14:43:17.292385+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | None | 36.1.0 |
| 2025-06-07T13:53:53.061958+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | None | 36.1.0 |
| 2025-06-07T13:52:35.622144+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | None | 36.1.0 |
| 2025-06-07T13:51:33.797571+00:00 | Debian Oval Importer | Fixing | VCID-vavn-12uu-aaan | None | 36.1.0 |
| 2025-06-07T13:47:58.876827+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | None | 36.1.0 |
| 2025-04-12T21:52:21.620976+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:46:15.466346+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:04:02.329299+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:08:32.056462+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:21:31.683776+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:21:51.410899+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:41:43.177354+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:46:32.675838+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:36:07.909329+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:27:53.453369+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:06:12.148560+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:00:26.140328+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:47:45.700110+00:00 | Debian Oval Importer | Fixing | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:34:33.338384+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T18:10:09.466375+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.0.0 |
| 2025-04-07T17:20:40.772813+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | None | 36.0.0 |
| 2025-04-07T13:15:15.804796+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | None | 36.0.0 |
| 2025-04-07T12:28:42.508446+00:00 | Debian Oval Importer | Fixing | VCID-av6f-h7c6-aaaq | None | 36.0.0 |
| 2025-04-07T12:27:28.728434+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | None | 36.0.0 |
| 2025-04-07T12:26:29.112954+00:00 | Debian Oval Importer | Fixing | VCID-vavn-12uu-aaan | None | 36.0.0 |
| 2025-04-07T12:23:01.835212+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | None | 36.0.0 |