Lucene search

Veracode Vulnerability DatabaseVERACODE:7248

HistoryAug 07, 2018 - 6:10 a.m.

Side-Channel Attack

2018-08-0706:10:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

JSON

libgcrypt.so is vulnerable to side-channel attacks. The elliptic-point curve multiplication during decryption is not properly performed, which allows attackers within close proximity to extract the secret decryption key within seconds by measuring electromagnetic emanations.

CPENameOperatorVersion
libgcrypt.sole20.3.4

CPE	Name	Operator	Version
	libgcrypt.so	le	20.3.4

References

www.cs.tau.ac.il/~tromer/ecdh/

github.com/gpg/libgcrypt/commit/23b72901f8a5ba9a78485b235c7a917fbc8faae0

github.com/gpg/libgcrypt/commit/4a19b195697e0b6534d28de9401ae3e9d86adb42

2 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:7248