Search for packages
Package details: pkg:alpm/archlinux/libgcrypt@1.8.2-1
purl pkg:alpm/archlinux/libgcrypt@1.8.2-1
Next non-vulnerable version 1.8.3-1
Latest non-vulnerable version 1.9.3-1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-d91d-8t7r-aaag
Aliases:
CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
1.8.3-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:46:02.804983+00:00 Arch Linux Importer Affected by VCID-d91d-8t7r-aaag https://security.archlinux.org/AVG-719 36.0.0
2024-09-18T02:01:06.808158+00:00 Arch Linux Importer Affected by VCID-d91d-8t7r-aaag https://security.archlinux.org/AVG-719 34.0.1
2024-06-19T21:46:20.697256+00:00 Arch Linux Importer Affected by VCID-d91d-8t7r-aaag https://security.archlinux.org/AVG-719 34.0.0rc4
2024-01-03T22:27:22.634519+00:00 Arch Linux Importer Affected by VCID-d91d-8t7r-aaag https://security.archlinux.org/AVG-719 34.0.0rc1