Lucene search

Veracode Vulnerability DatabaseVERACODE:45087

HistoryJan 19, 2024 - 9:02 a.m.

Side Channel Vulnerability

2024-01-1909:02:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libgcrypt

curve25519

input validation

side channel attack

private key

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

Libgcrypt is vulnerable to Side Channel Vulnerability. The vulnerability is due to improper input validation within the Curve25519 algorithm located in cipher/ecc.c and mpi/ec.c. An attacker can possibly exfiltrate the private key as a result of this side channel attack.

CPENameOperatorVersion
libgcrypt.sole20.1.10
libgcrypt.sole20.1.10

CPE	Name	Operator	Version
	libgcrypt.so	le	20.1.10
	libgcrypt.so	le	20.1.10

References

bugzilla.suse.com/show_bug.cgi?id=1055837

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for VERACODE:45087