
15 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-2372

Malicious code in bioql PyPI...

CVSS 2.9 | AI score 6.3 | EPSS 0.001
Exploits 0 | References 7

RedhatCVE
added 2025/03/16 6:14 p.m., 11 views

CVE-2025-29779

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the secure_redundant_execution function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function...

CVSS 5.4 | AI score 6.3 | EPSS 0.00036
Exploits 0 | References 1

Github Security Blog
added 2025/03/14 7:55 p.m., 13 views

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Description: The secure_redundant_execution function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...

CVSS 5.4 | AI score 6.7 | EPSS 0.00036
Exploits 0 | References 5 | Affected Software 1

CVE
added 2025/03/14 5:24 p.m., 56 views

CVE-2025-29779

The CVE describes a fault-injection countermeasure weakness in the Python implementation of Post-Quantum Secure Feldman’s Verifiable Secret Sharing (VSS) in PostQuantum-Feldman-VSS, specifically the secure_redundant_execution function. Affected versions up to 0.8.0b2 are vulnerable because Python...

CVSS 5.4 | AI score 6.2 | EPSS 0.00036
Exploits 0 | References 3

Github Security Blog
added 2024/07/17 6:30 p.m., 20 views

vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

CVSS 2.9 | AI score 6.4 | EPSS 0.001
Exploits 0 | References 7 | Affected Software 1

OSV
added 2024/07/17 12:00 p.m., 8 views

RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

CVSS 2.9 | AI score 3.4 | EPSS 0.001
Exploits 0 | References 3

Tenable Nessus
added 2015/09/25 12:00 a.m., 39 views

SUSE SLED11 / SLES11 Security Update : libgcrypt (SUSE-SU-2015:1626-1)

This update fixes the following issues: - Use ciphertext blinding for Elgamal decryption (CVE-2014-3591). See http://www.cs.tau.ac.il/tromer/radioexp/ for details. (bsc#920057) - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, "Last-Level Cache Side-Channel...

CVSS 5.9 | AI score 6 | EPSS 0.00677
Exploits 0 | References 7

OpenVAS
added 2015/09/08 12:00 a.m., 25 views

Amazon Linux: Security Advisory (ALAS-2015-577)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.9 | AI score 6.2 | EPSS 0.00677
Exploits 0 | References 3

OSV
added 2015/08/17 9:36 a.m., 4 views

SUSE-SU-2015:1511-1 Security update for libgcrypt

This update fixes the following issues: Security: Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, "Last-Level Cache Side-Channel Attacks are Practical" (bsc#920057). Bugfixes: don't drop privileges when locking secure memory (bsc#938343)...

CVSS 5.9 | AI score 5.9 | EPSS 0.00677
Exploits 0 | References 4

OSV
added 2015/08/17 8:27 a.m., 7 views

SUSE-SU-2015:1626-1 Security update for libgcrypt

This update fixes the following issues: Use ciphertext blinding for Elgamal decryption (CVE-2014-3591). See http://www.cs.tau.ac.il/tromer/radioexp/ for details. (bsc#920057) Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, "Last-Level Cache Side-Channel Attack...

CVSS 5.9 | AI score 5.2 | EPSS 0.00677
Exploits 0 | References 4

OSV
added 2015/04/09 12:00 a.m., 27 views

DLA-190-1 libgcrypt11 - security update

Bulletin has no description...

CVSS 5.9 | AI score 5.6 | EPSS 0.00677
Exploits 0

Tenable Nessus
added 2015/03/13 12:00 a.m., 34 views

Debian DSA-3185-1 : libgcrypt11 - security update

Multiple vulnerabilities were discovered in libgcrypt: - CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on...

CVSS 5.9 | AI score 6.1 | EPSS 0.00677
Exploits 0 | References 6

OpenVAS
added 2015/03/12 12:00 a.m., 24 views

Debian Security Advisory DSA 3184-1 (gnupg - security update)

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite...

CVSS 2.6 | AI score 6.3 | EPSS 0.00677
Exploits 0 | References 1

OpenVAS
added 2015/03/12 12:00 a.m., 24 views

Debian Security Advisory DSA 3185-1 (libgcrypt11 - security update)

Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on...

CVSS 2.6 | AI score 6.2 | EPSS 0.00677
Exploits 0 | References 1

Mageia
added 2015/03/10 4:48 p.m., 32 views

Updated gnupg and libgcrypt packages fix security vulnerabilities

GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak (CVE-2014-3591). GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak...

CVSS 5.9 | AI score 5.9 | EPSS 0.00677
Exploits 0 | References 3