Search for packages
Package details: pkg:deb/debian/libgcrypt20@1.6.3-2%2Bdeb8u4
purl pkg:deb/debian/libgcrypt20@1.6.3-2%2Bdeb8u4
Next non-vulnerable version 1.10.1-3
Latest non-vulnerable version 1.10.1-3
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-22d8-jhnm-aaad
Aliases:
CVE-2017-0379
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
1.7.6-2+deb9u3
Affected by 6 other vulnerabilities.
1.8.4-5
Affected by 2 other vulnerabilities.
VCID-2z7d-8u2h-aaaa
Aliases:
CVE-2019-13627
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
1.8.4-5
Affected by 2 other vulnerabilities.
1.8.7-6
Affected by 1 other vulnerability.
VCID-av6f-h7c6-aaaq
Aliases:
CVE-2017-9526
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
1.7.6-2+deb9u1
Affected by 5 other vulnerabilities.
VCID-d91d-8t7r-aaag
Aliases:
CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
1.7.6-2+deb9u3
Affected by 6 other vulnerabilities.
1.8.4-5
Affected by 2 other vulnerabilities.
VCID-fan4-zdcw-aaam
Aliases:
CVE-2016-6313
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
1.7.6-1~bpo8+1
Affected by 6 other vulnerabilities.
VCID-ke9d-zyem-aaar
Aliases:
CVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
1.7.6-1~bpo8+1
Affected by 6 other vulnerabilities.
VCID-tegv-r6ak-aaaa
Aliases:
CVE-2021-40528
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
1.8.4-5+deb10u1
Affected by 3 other vulnerabilities.
1.8.7-6
Affected by 1 other vulnerability.
VCID-vavn-12uu-aaan
Aliases:
CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
1.7.6-2+deb9u1
Affected by 5 other vulnerabilities.
1.8.4-5
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-av6f-h7c6-aaaq In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. CVE-2017-9526
VCID-fan4-zdcw-aaam The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. CVE-2016-6313
VCID-ke9d-zyem-aaar Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. CVE-2015-7511
VCID-vavn-12uu-aaan libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. CVE-2017-7526

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:07:54.791761+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:53:39.182267+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:08:41.465505+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T15:22:29.737484+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:15:55.820383+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:19:48.314387+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:09:18.712730+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:05.273746+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:37:23.889526+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:58:30.657802+00:00 Debian Oval Importer Affected by VCID-ke9d-zyem-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T10:56:43.059388+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:37:28.560667+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:18:28.789358+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:00:16.046317+00:00 Debian Oval Importer Fixing VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:46:32.105754+00:00 Debian Oval Importer Fixing VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:42:42.848717+00:00 Debian Oval Importer Fixing VCID-ke9d-zyem-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:35:49.168026+00:00 Debian Oval Importer Fixing VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T02:08:44.840144+00:00 Debian Oval Importer Affected by VCID-2z7d-8u2h-aaaa None 36.1.3
2025-06-21T00:21:39.561457+00:00 Debian Oval Importer Affected by VCID-ke9d-zyem-aaar None 36.1.3
2025-06-20T22:10:14.832570+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam None 36.1.3
2025-06-20T21:19:40.641196+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa None 36.1.3
2025-06-20T20:10:53.571528+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq None 36.1.3
2025-06-20T20:06:09.340907+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad None 36.1.3
2025-06-20T20:04:01.895917+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan None 36.1.3
2025-06-20T19:58:21.315200+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag None 36.1.3
2025-06-20T19:52:10.989130+00:00 Debian Oval Importer Fixing VCID-vavn-12uu-aaan None 36.1.3
2025-06-20T19:52:06.694128+00:00 Debian Oval Importer Fixing VCID-ke9d-zyem-aaar None 36.1.3
2025-06-20T19:40:13.879671+00:00 Debian Oval Importer Fixing VCID-av6f-h7c6-aaaq None 36.1.3
2025-06-20T19:38:37.794307+00:00 Debian Oval Importer Fixing VCID-fan4-zdcw-aaam None 36.1.3
2025-06-08T12:22:30.473661+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:36:57.731107+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:23:25.463913+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:40:09.584969+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T08:16:52.126103+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:09:44.401095+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:14:22.714340+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:04:09.052206+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:01.785795+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:34:43.092499+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:08:44.535104+00:00 Debian Oval Importer Affected by VCID-ke9d-zyem-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:30:06.619228+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:18:20.200638+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:06:03.254608+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T03:49:22.254462+00:00 Debian Oval Importer Fixing VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:35:15.184503+00:00 Debian Oval Importer Fixing VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:31:21.932343+00:00 Debian Oval Importer Fixing VCID-ke9d-zyem-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:24:27.149084+00:00 Debian Oval Importer Fixing VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-07T19:32:28.537460+00:00 Debian Oval Importer Affected by VCID-2z7d-8u2h-aaaa None 36.1.0
2025-06-07T17:44:33.311423+00:00 Debian Oval Importer Affected by VCID-ke9d-zyem-aaar None 36.1.0
2025-06-07T15:34:17.344268+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam None 36.1.0
2025-06-07T14:43:17.289318+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa None 36.1.0
2025-06-07T13:53:53.058235+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq None 36.1.0
2025-06-07T13:52:35.618522+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad None 36.1.0
2025-06-07T13:51:33.794432+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan None 36.1.0
2025-06-07T13:47:58.873771+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag None 36.1.0
2025-06-07T13:43:37.891433+00:00 Debian Oval Importer Fixing VCID-vavn-12uu-aaan None 36.1.0
2025-06-07T13:43:33.670694+00:00 Debian Oval Importer Fixing VCID-ke9d-zyem-aaar None 36.1.0
2025-06-07T13:34:20.981109+00:00 Debian Oval Importer Fixing VCID-av6f-h7c6-aaaq None 36.1.0
2025-06-07T13:32:53.060845+00:00 Debian Oval Importer Fixing VCID-fan4-zdcw-aaam None 36.1.0
2025-04-12T21:52:21.610660+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:46:15.456496+00:00 Debian Oval Importer Affected by VCID-2z7d-8u2h-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:04:02.319394+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:17:28.396587+00:00 Debian Oval Importer Affected by VCID-ke9d-zyem-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:08:32.046612+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:21:31.673850+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:07:29.448400+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:21:51.400900+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T06:48:22.156910+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:41:43.167288+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:46:32.666011+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:36:07.899525+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:27:53.442895+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:06:12.138015+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:39:42.445022+00:00 Debian Oval Importer Affected by VCID-ke9d-zyem-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:00:26.130181+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:47:45.689801+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:34:33.328491+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:17:11.162956+00:00 Debian Oval Importer Fixing VCID-av6f-h7c6-aaaq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:02:50.142394+00:00 Debian Oval Importer Fixing VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:58:50.930256+00:00 Debian Oval Importer Fixing VCID-ke9d-zyem-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:51:49.732614+00:00 Debian Oval Importer Fixing VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-07T18:10:09.455529+00:00 Debian Oval Importer Affected by VCID-2z7d-8u2h-aaaa None 36.0.0
2025-04-07T16:20:44.476600+00:00 Debian Oval Importer Affected by VCID-ke9d-zyem-aaar None 36.0.0
2025-04-07T14:05:14.800318+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam None 36.0.0
2025-04-07T13:15:15.793948+00:00 Debian Oval Importer Affected by VCID-tegv-r6ak-aaaa None 36.0.0
2025-04-07T12:28:42.497698+00:00 Debian Oval Importer Affected by VCID-av6f-h7c6-aaaq None 36.0.0
2025-04-07T12:27:28.717668+00:00 Debian Oval Importer Affected by VCID-22d8-jhnm-aaad None 36.0.0
2025-04-07T12:26:29.102103+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan None 36.0.0
2025-04-07T12:23:01.821944+00:00 Debian Oval Importer Affected by VCID-d91d-8t7r-aaag None 36.0.0
2025-04-07T12:18:54.826616+00:00 Debian Oval Importer Fixing VCID-vavn-12uu-aaan None 36.0.0
2025-04-07T12:18:50.466231+00:00 Debian Oval Importer Fixing VCID-ke9d-zyem-aaar None 36.0.0
2025-04-07T12:09:47.281922+00:00 Debian Oval Importer Fixing VCID-av6f-h7c6-aaaq None 36.0.0
2025-04-07T12:08:18.478136+00:00 Debian Oval Importer Fixing VCID-fan4-zdcw-aaam None 36.0.0