6 matches found
CVE-2021-33560
CVE-2021-33560 affects Libgcrypt 1.8.x (before 1.8.8) and 1.9.x (before 1.9.3). The issue is a mishandling of ElGamal due to lack of exponent blinding in mpi_powm and improper window size, enabling side-channel leakage in OpenPGP scenarios. Affected products include environments using libgcrypt w...
CVE-2018-0495
CVE-2018-0495 affects Libgcrypt prior to 1.7.10 and 1.8.x prior to 1.8.3. The root cause is a memory-cache side-channel (ROHNP) in the ECDSA signing path (_gcry_ecc_ecdsa_sign in cipher/ecc-ecdsa.c), enabling an attacker with local or co-resident VM access to recover ECDSA private keys. Mitigatio...
CVE-2021-40528
The issue is a vulnerability in Libgcrypt’s ElGamal implementation prior to 1.9.4 where, during interaction between two cryptographic libraries, a specific combination of the receiver’s public-key prime and generator with the sender’s ephemeral exponents can enable plaintext recovery via a cross-...
CVE-2017-7526
GnuPG/libgcrypt: CVE-2017-7526 affects libgcrypt before 1.7.8, allowing a cache-side-channel attack that can fully recover RSA-1024 private keys (and likely RSA-2048 with more effort) when the attacker can run code on the same hardware. Connected sources confirm the vulnerability exists in libgcr...
CVE-2014-3591
CVE-2014-3591 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19), which do not implement ciphertext blinding for ElGamal decryption, enabling physically proximate attackers to potentially extract private keys via crafted ciphertext and EM field fluctuations during multiplication. Related ...
CVE-2015-0837
CVE-2015-0837 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19). It enables a timing side-channel attack on modular exponentiation using a pre-computed table, related to a Last-Level Cache side-channel attack. The description notes the timing differences that could allow an attacker to o...