Lucene search

K

6 matches found

CVE
CVE
added 2021/06/08 11:15 a.m.412 views

CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

7.5CVSS7.5AI score0.0053EPSS
CVE
CVE
added 2018/06/13 11:29 p.m.373 views

CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP....

4.7CVSS5.5AI score0.00313EPSS
CVE
CVE
added 2021/09/06 7:15 p.m.276 views

CVE-2021-40528

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's eph...

5.9CVSS5.7AI score0.00097EPSS
CVE
CVE
added 2018/07/26 1:29 p.m.175 views

CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channe...

6.8CVSS6.4AI score0.02345EPSS
CVE
CVE
added 2019/11/29 10:15 p.m.135 views

CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multi...

4.2CVSS4.8AI score0.00141EPSS
CVE
CVE
added 2019/11/29 10:15 p.m.88 views

CVE-2015-0837

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

5.9CVSS5.4AI score0.00551EPSS