Search for packages
| purl | pkg:deb/debian/libgcrypt20@1.6.3-2%2Bdeb8u4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-39sy-v3d8-47bh
Aliases: CVE-2019-13627 |
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
Affected by 1 other vulnerability. |
|
VCID-56e3-pspc-ufcq
Aliases: CVE-2021-40528 |
The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
Affected by 1 other vulnerability. |
|
VCID-7d8p-dyj6-sbcp
Aliases: CVE-2017-0379 |
Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
|
VCID-7hrs-wfbd-bbcf
Aliases: CVE-2017-7526 |
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. |
Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-ajtv-xbb3-63ge
Aliases: CVE-2018-0495 |
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-gcbw-63wa-sqhp
Aliases: CVE-2016-6313 |
Affected by 6 other vulnerabilities. |
|
|
VCID-jx87-kjae-kudt
Aliases: CVE-2017-9526 |
Affected by 5 other vulnerabilities. |
|
|
VCID-mh35-8skv-8bhu
Aliases: CVE-2015-7511 |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7hrs-wfbd-bbcf | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. |
CVE-2017-7526
|
| VCID-gcbw-63wa-sqhp |
CVE-2016-6313
|
|
| VCID-jx87-kjae-kudt |
CVE-2017-9526
|
|
| VCID-mh35-8skv-8bhu |
CVE-2015-7511
|