History: Jul 02, 2021 - 5:14 p.m.

Advisory ROSA-SA-2021-1870

2021-07-02 17:14:28
ROSA LAB
abf.rosalinux.ru

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.5 Medium
Confidence: Low

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.004 Low
Percentile: 74.2%

Software: libgcrypt 1.5.3
OS: Cobalt 7.9

CVE-ID: CVE-2014-5270
CVE-Crit: CRITICAL
CVE-DESC: Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3591
CVE-Crit: MEDIUM
CVE-DESC: Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-0837
CVE-Crit: MEDIUM
CVE-DESC: The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-7511
CVE-Crit: LOW
CVE-DESC: Libgcrypt before 1.6.5 incorrectly performs elliptic curve multiplication during decryption, making it easier for physically nearby attackers to extract ECDH keys by measuring electromagnetic emissions.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-0379
CVE-Crit: HIGH
CVE-DESC: Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-7526
CVE-Crit: MEDIUM
CVE-DESC: libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 when using the left-to-right method to compute the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side channel requires that the attacker can run arbitrary software on the hardware where the private RSA key is used.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9526
CVE-Crit: MEDIUM
CVE-DESC: In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a change to cipher/ecc-eddsa.c to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-0495
CVE-Crit: MEDIUM
CVE-DESC: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, also known as the "Return Of the Hidden Number Problem" or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-6829
CVE-Crit: HIGH
CVE-DESC: cipher/elgamal.c in Libgcrypt before 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package    Version  Filename
Cobalt  any      noarch        libgcrypt  < 1.5.3  UNKNOWN
