Lucene search
K

6 matches found

CVE
CVE
added 2021/06/08 12:0 a.m.459 views

CVE-2021-33560

CVE-2021-33560 affects Libgcrypt 1.8.x (before 1.8.8) and 1.9.x (before 1.9.3). The issue is a mishandling of ElGamal due to lack of exponent blinding in mpi_powm and improper window size, enabling side-channel leakage in OpenPGP scenarios. Affected products include environments using libgcrypt w...

7.5CVSS7.5AI score0.02342EPSS
CVE
CVE
added 2018/06/13 11:0 p.m.400 views

CVE-2018-0495

CVE-2018-0495 affects Libgcrypt prior to 1.7.10 and 1.8.x prior to 1.8.3. The root cause is a memory-cache side-channel (ROHNP) in the ECDSA signing path (_gcry_ecc_ecdsa_sign in cipher/ecc-ecdsa.c), enabling an attacker with local or co-resident VM access to recover ECDSA private keys. Mitigatio...

4.7CVSS5.5AI score0.00887EPSS
CVE
CVE
added 2021/09/06 12:0 a.m.308 views

CVE-2021-40528

The issue is a vulnerability in Libgcrypt’s ElGamal implementation prior to 1.9.4 where, during interaction between two cryptographic libraries, a specific combination of the receiver’s public-key prime and generator with the sender’s ephemeral exponents can enable plaintext recovery via a cross-...

5.9CVSS5.7AI score0.01423EPSS
CVE
CVE
added 2018/07/26 1:0 p.m.212 views

CVE-2017-7526

GnuPG/libgcrypt: CVE-2017-7526 affects libgcrypt before 1.7.8, allowing a cache-side-channel attack that can fully recover RSA-1024 private keys (and likely RSA-2048 with more effort) when the attacker can run code on the same hardware. Connected sources confirm the vulnerability exists in libgcr...

6.8CVSS6.4AI score0.03885EPSS
CVE
CVE
added 2019/11/29 9:2 p.m.162 views

CVE-2014-3591

CVE-2014-3591 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19), which do not implement ciphertext blinding for ElGamal decryption, enabling physically proximate attackers to potentially extract private keys via crafted ciphertext and EM field fluctuations during multiplication. Related ...

4.2CVSS4.8AI score0.00576EPSS
CVE
CVE
added 2019/11/29 9:10 p.m.109 views

CVE-2015-0837

CVE-2015-0837 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19). It enables a timing side-channel attack on modular exponentiation using a pre-computed table, related to a Last-Level Cache side-channel attack. The description notes the timing differences that could allow an attacker to o...

5.9CVSS5.4AI score0.01952EPSS