Search for packages
| purl | pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-22d8-jhnm-aaad
Aliases: CVE-2017-0379 |
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. |
Affected by 2 other vulnerabilities. |
|
VCID-2z7d-8u2h-aaaa
Aliases: CVE-2019-13627 |
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-6546-cx94-aaah
Aliases: CVE-2021-33560 |
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-d91d-8t7r-aaag
Aliases: CVE-2018-0495 |
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
Affected by 2 other vulnerabilities. |
|
VCID-tegv-r6ak-aaaa
Aliases: CVE-2021-40528 |
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-vavn-12uu-aaan
Aliases: CVE-2017-7526 |
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-22d8-jhnm-aaad | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. |
CVE-2017-0379
|
| VCID-d91d-8t7r-aaag | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
CVE-2018-0495
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T11:11:21.501604+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 36.1.3 |
| 2025-06-21T18:08:41.472136+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T17:10:11.888265+00:00 | Debian Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.1.3 |
| 2025-06-21T15:15:55.826456+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:19:48.320723+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:01:05.280164+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:37:23.895701+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T10:56:43.064957+00:00 | Debian Oval Importer | Fixing | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:18:28.794981+00:00 | Debian Oval Importer | Fixing | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T02:08:44.846837+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.1.3 |
| 2025-06-21T01:20:05.458193+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | None | 36.1.3 |
| 2025-06-20T21:19:40.647106+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | None | 36.1.3 |
| 2025-06-20T20:56:02.121341+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | None | 36.1.3 |
| 2025-06-20T20:44:29.211808+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | None | 36.1.3 |
| 2025-06-20T20:06:09.346106+00:00 | Debian Oval Importer | Fixing | VCID-22d8-jhnm-aaad | None | 36.1.3 |
| 2025-06-20T19:58:21.320613+00:00 | Debian Oval Importer | Fixing | VCID-d91d-8t7r-aaag | None | 36.1.3 |
| 2025-06-08T12:22:30.479406+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:40:09.589571+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T08:09:44.405723+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:14:22.718955+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:56:01.790470+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:34:43.097904+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:30:06.624038+00:00 | Debian Oval Importer | Fixing | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:06:03.268291+00:00 | Debian Oval Importer | Fixing | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T19:32:28.544226+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.1.0 |
| 2025-06-07T18:42:52.234371+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | None | 36.1.0 |
| 2025-06-07T14:43:17.293899+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | None | 36.1.0 |
| 2025-06-07T14:24:01.517770+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | None | 36.1.0 |
| 2025-06-07T14:16:22.255594+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | None | 36.1.0 |
| 2025-06-07T13:52:35.624472+00:00 | Debian Oval Importer | Fixing | VCID-22d8-jhnm-aaad | None | 36.1.0 |
| 2025-06-07T13:47:58.879272+00:00 | Debian Oval Importer | Fixing | VCID-d91d-8t7r-aaag | None | 36.1.0 |
| 2025-04-12T21:52:21.626205+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:46:15.471271+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:04:02.334182+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:08:32.061563+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:21:51.415892+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:41:43.182195+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:46:32.680681+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:27:53.458432+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:06:12.153845+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:00:26.145341+00:00 | Debian Oval Importer | Fixing | VCID-22d8-jhnm-aaad | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:34:33.343451+00:00 | Debian Oval Importer | Fixing | VCID-d91d-8t7r-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T18:10:09.471663+00:00 | Debian Oval Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.0.0 |
| 2025-04-07T17:20:40.778189+00:00 | Debian Oval Importer | Affected by | VCID-vavn-12uu-aaan | None | 36.0.0 |
| 2025-04-07T13:15:15.810222+00:00 | Debian Oval Importer | Affected by | VCID-tegv-r6ak-aaaa | None | 36.0.0 |
| 2025-04-07T12:56:33.036865+00:00 | Debian Oval Importer | Affected by | VCID-d91d-8t7r-aaag | None | 36.0.0 |
| 2025-04-07T12:49:14.328733+00:00 | Debian Oval Importer | Affected by | VCID-22d8-jhnm-aaad | None | 36.0.0 |
| 2025-04-07T12:27:28.733861+00:00 | Debian Oval Importer | Fixing | VCID-22d8-jhnm-aaad | None | 36.0.0 |
| 2025-04-07T12:23:01.840678+00:00 | Debian Oval Importer | Fixing | VCID-d91d-8t7r-aaag | None | 36.0.0 |
| 2025-04-06T04:30:41.765649+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 36.0.0 |
| 2025-04-05T13:32:12.104623+00:00 | Debian Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 36.0.0 |
| 2025-02-20T01:51:56.856831+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 35.1.0 |
| 2025-02-19T05:59:50.388182+00:00 | Debian Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 35.1.0 |
| 2024-11-22T19:54:10.586247+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 35.0.0 |
| 2024-10-09T18:37:30.877591+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 34.0.2 |
| 2024-09-19T03:01:37.504849+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 34.0.1 |
| 2024-04-25T01:20:47.963481+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 34.0.0rc4 |
| 2024-04-24T14:12:21.040652+00:00 | Debian Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 34.0.0rc4 |
| 2024-01-11T02:21:13.434528+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 34.0.0rc2 |
| 2024-01-10T16:56:07.296572+00:00 | Debian Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 34.0.0rc2 |
| 2024-01-04T14:41:17.935911+00:00 | Debian Importer | Affected by | VCID-6546-cx94-aaah | None | 34.0.0rc1 |
| 2024-01-04T06:37:06.630780+00:00 | Debian Importer | Affected by | VCID-2z7d-8u2h-aaaa | None | 34.0.0rc1 |