Side Channel Attack

2019-12-0406:58:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

41.4%

JSON

libgcrypt.so is vulnerable to side-channel attack. The vulnerability exists as the library fails to perform ciphertext blinding for the Elgamal decryption, allowing a local attacker to compromise the server’s private key through a crafted ciphertext and analyzing the fluctuations in the electromagnetic field during multiplication.

CPENameOperatorVersion
libgcrypt.sole11.8.2

CPE	Name	Operator	Version
	libgcrypt.so	le	11.8.2

References

www.cs.tau.ac.il/~tromer/radioexp/

www.debian.org/security/2015/dsa-3184

www.debian.org/security/2015/dsa-3185

lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html

lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for VERACODE:22096