17 matches found
CVE-2021-33560
CVE-2021-33560 affects Libgcrypt 1.8.x (before 1.8.8) and 1.9.x (before 1.9.3). The issue is a mishandling of ElGamal due to lack of exponent blinding in mpi_powm and improper window size, enabling side-channel leakage in OpenPGP scenarios. Affected products include environments using libgcrypt w...
CVE-2018-0495
CVE-2018-0495 affects Libgcrypt prior to 1.7.10 and 1.8.x prior to 1.8.3. The root cause is a memory-cache side-channel (ROHNP) in the ECDSA signing path (_gcry_ecc_ecdsa_sign in cipher/ecc-ecdsa.c), enabling an attacker with local or co-resident VM access to recover ECDSA private keys. Mitigatio...
CVE-2019-12904
CVE-2019-12904 affects Libgcrypt 1.8.4’s C AES implementation. The vulnerability arises from a flush-and-reload side-channel when physical addresses are exposed to other processes (used on platforms lacking an assembly AES). IBM’s bulletin lists the CVE and notes the vendor’s position that the is...
CVE-2021-40528
The issue is a vulnerability in Libgcrypt’s ElGamal implementation prior to 1.9.4 where, during interaction between two cryptographic libraries, a specific combination of the receiver’s public-key prime and generator with the sender’s ephemeral exponents can enable plaintext recovery via a cross-...
CVE-2016-6313
CVE-2016-6313 documents a design flaw in Libgcrypt’s random-number generator mixing functions (affecting Libgcrypt <1.5.6, <1.6.6 in 1.6.x, <1.7.3 in 1.7.x, and GnuPG
CVE-2017-7526
GnuPG/libgcrypt: CVE-2017-7526 affects libgcrypt before 1.7.8, allowing a cache-side-channel attack that can fully recover RSA-1024 private keys (and likely RSA-2048 with more effort) when the attacker can run code on the same hardware. Connected sources confirm the vulnerability exists in libgcr...
CVE-2015-7511
CVE-2015-7511 affects Libgcrypt up to version 1.6.4 (pre-1.6.5). The issue is an improper elliptic‑point curve multiplication during decryption that enables physical side‑channel leakage of ECDH private keys via electromagnetic emanations. Remediation is upgrading Libgcrypt to fixed releases (e.g...
CVE-2014-3591
CVE-2014-3591 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19), which do not implement ciphertext blinding for ElGamal decryption, enabling physically proximate attackers to potentially extract private keys via crafted ciphertext and EM field fluctuations during multiplication. Related ...
CVE-2017-9526
CVE-2017-9526 affects Libgcrypt prior to 1.7.7, where an attacker who observes the EdDSA session key during signing can recover the long-term secret key. Version 1.7.7 changes libgcrypt/ ecc-eddsa.c to store the session key in secure memory and ensures constant-time point operations in the MPI li...
CVE-2017-0379
CVE-2017-0379 affects libgcrypt before 1.8.1, where Curve25519 side-channel attacks could allow a local attacker to recover a secret key. Public advisories indicate the flaw in cipher/ecc.c and mpi/ec.c can enable private-key recovery on multi-user systems or VMs. Remediation is to upgrade to lib...
CVE-2013-4242
CVE-2013-4242 affects GnuPG before 1.4.14 and Libgcrypt before 1.5.3 (as used in GnuPG 2.0.x), enabling a local user to obtain private RSA keys via a cache side-channel (Flush+Reload) on the L3 cache. The root cause is a cache side-channel leak in the RSA key handling within GnuPG/Libgcrypt. Docu...
CVE-2021-3345
The CVE-2021-3345 entry concerns Libgcrypt: the function gcry_md_block_write in cipher/hash-common.c on Libgcrypt 1.9.0 suffers a heap-based buffer overflow when the digest final function handles a large count. The identified remediation is to upgrade to Libgcrypt 1.9.1 or later. Impact details a...
CVE-2026-41989
Libgcrypt before 1.12.2 is affected by CVE-2026-41989, where a heap-based buffer overflow can occur via crafted ECDH ciphertext to gcry_pk_decrypt, enabling denial of service. Vulnerable component: Libgcrypt crypto library (ECDH/decrypt path). Impact: DoS (potential crash) as described. Mitigatio...
CVE-2015-0837
CVE-2015-0837 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19). It enables a timing side-channel attack on modular exponentiation using a pre-computed table, related to a Last-Level Cache side-channel attack. The description notes the timing differences that could allow an attacker to o...
CVE-2014-5270
Libgcrypt prior to 1.5.4, used in GnuPG and other products, has a weakness in ciphertext normalization and ciphertext randomization. This side-channel condition could allow physically proximate attackers to perform key-extraction attacks by collecting voltage data from exposed metal. The CVE entr...
CVE-2018-6829
CVE-2018-6829 affects Libgcrypt’s ElGamal (cipher/elgamal.c) up to version 1.8.2. When used to encrypt messages directly, it can improperly encode plaintexts, allowing a ciphertext-only attacker to recover sensitive information. The issue is tied to Libgcrypt’s DDH assumption not holding for its ...
CVE-2026-41990
CVE-2026-41990 affects Libgcrypt prior to 1.12.2, where Dilithium signing mishandles a static array write that lacks a bounds check. The issue does not use attacker-controlled data. CVSSv3.1 base metrics indicate a Medium risk (4.0) with LOCAL attack vector, HIGH complexity, NONE privileges, and ...