VulnerableCode Package Details - pkg:deb/debian/libgcrypt20@1.8.4-5

Search for packages

Package details: pkg:deb/debian/libgcrypt20@1.8.4-5

Essentials
History (50)

purl	pkg:deb/debian/libgcrypt20@1.8.4-5

Next non-vulnerable version	1.10.1-3
Latest non-vulnerable version	1.10.1-3
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-2z7d-8u2h-aaaa Aliases: CVE-2019-13627	It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.	1.8.7-6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-tegv-r6ak-aaaa Aliases: CVE-2021-40528	The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.	1.8.4-5+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.8.7-6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2z7d-8u2h-aaaa
Aliases:
CVE-2019-13627

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

1.8.7-6
Affected by 1 other vulnerability.

VCID-tegv-r6ak-aaaa
Aliases:
CVE-2021-40528

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

1.8.4-5+deb10u1
Affected by 3 other vulnerabilities.

1.8.7-6
Affected by 1 other vulnerability.

Vulnerabilities fixed by this package (5)

Vulnerability	Summary	Aliases
VCID-22d8-jhnm-aaad	Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.	CVE-2017-0379
VCID-2z7d-8u2h-aaaa	It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.	CVE-2019-13627
VCID-6546-cx94-aaah	Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.	CVE-2021-33560
VCID-d91d-8t7r-aaag	Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.	CVE-2018-0495
VCID-vavn-12uu-aaan	libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.	CVE-2017-7526

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T11:11:21.504285+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	36.1.3
2025-06-21T18:08:41.474272+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T17:10:11.891444+00:00	Debian Importer	Fixing	VCID-2z7d-8u2h-aaaa	None	36.1.3
2025-06-21T15:15:55.828369+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:19:48.322780+00:00	Debian Oval Importer	Fixing	VCID-22d8-jhnm-aaad	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:01:05.281805+00:00	Debian Oval Importer	Fixing	VCID-d91d-8t7r-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:37:23.897663+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T02:08:44.849033+00:00	Debian Oval Importer	Affected by	VCID-2z7d-8u2h-aaaa	None	36.1.3
2025-06-21T01:20:05.460588+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	None	36.1.3
2025-06-20T21:19:40.648763+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	None	36.1.3
2025-06-20T20:56:02.123227+00:00	Debian Oval Importer	Fixing	VCID-d91d-8t7r-aaag	None	36.1.3
2025-06-20T20:44:29.213530+00:00	Debian Oval Importer	Fixing	VCID-22d8-jhnm-aaad	None	36.1.3
2025-06-08T12:22:30.481003+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:40:09.591069+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T08:09:44.407221+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:14:22.720521+00:00	Debian Oval Importer	Fixing	VCID-22d8-jhnm-aaad	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:56:01.792020+00:00	Debian Oval Importer	Fixing	VCID-d91d-8t7r-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:34:43.099748+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T19:32:28.545942+00:00	Debian Oval Importer	Affected by	VCID-2z7d-8u2h-aaaa	None	36.1.0
2025-06-07T18:42:52.236217+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	None	36.1.0
2025-06-07T14:43:17.295394+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	None	36.1.0
2025-06-07T14:24:01.519684+00:00	Debian Oval Importer	Fixing	VCID-d91d-8t7r-aaag	None	36.1.0
2025-06-07T14:16:22.257280+00:00	Debian Oval Importer	Fixing	VCID-22d8-jhnm-aaad	None	36.1.0
2025-04-12T21:52:21.631504+00:00	Debian Oval Importer	Fixing	VCID-d91d-8t7r-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:46:15.476175+00:00	Debian Oval Importer	Affected by	VCID-2z7d-8u2h-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:04:02.339231+00:00	Debian Oval Importer	Fixing	VCID-22d8-jhnm-aaad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:08:32.066541+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:21:51.420876+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T06:41:43.187271+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:46:32.685671+00:00	Debian Oval Importer	Fixing	VCID-22d8-jhnm-aaad	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:27:53.463575+00:00	Debian Oval Importer	Fixing	VCID-d91d-8t7r-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:06:12.159118+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T18:10:09.477451+00:00	Debian Oval Importer	Affected by	VCID-2z7d-8u2h-aaaa	None	36.0.0
2025-04-07T17:20:40.783573+00:00	Debian Oval Importer	Fixing	VCID-vavn-12uu-aaan	None	36.0.0
2025-04-07T13:15:15.815658+00:00	Debian Oval Importer	Affected by	VCID-tegv-r6ak-aaaa	None	36.0.0
2025-04-07T12:56:33.042245+00:00	Debian Oval Importer	Fixing	VCID-d91d-8t7r-aaag	None	36.0.0
2025-04-07T12:49:14.334111+00:00	Debian Oval Importer	Fixing	VCID-22d8-jhnm-aaad	None	36.0.0
2025-04-06T04:30:41.770462+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	36.0.0
2025-04-05T13:32:12.108996+00:00	Debian Importer	Fixing	VCID-2z7d-8u2h-aaaa	None	36.0.0
2025-02-20T01:51:56.862684+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	35.1.0
2025-02-19T05:59:50.393123+00:00	Debian Importer	Fixing	VCID-2z7d-8u2h-aaaa	None	35.1.0
2024-11-22T19:54:10.591307+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	35.0.0
2024-10-09T18:37:30.882239+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	34.0.2
2024-09-19T03:01:37.509326+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	34.0.1
2024-04-25T01:20:47.968399+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	34.0.0rc4
2024-04-24T14:12:21.045376+00:00	Debian Importer	Fixing	VCID-2z7d-8u2h-aaaa	None	34.0.0rc4
2024-01-11T02:21:13.438684+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	34.0.0rc2
2024-01-10T16:56:07.301672+00:00	Debian Importer	Fixing	VCID-2z7d-8u2h-aaaa	None	34.0.0rc2
2024-01-04T14:41:17.940753+00:00	Debian Importer	Fixing	VCID-6546-cx94-aaah	None	34.0.0rc1
2024-01-04T06:37:06.635524+00:00	Debian Importer	Fixing	VCID-2z7d-8u2h-aaaa	None	34.0.0rc1