Your submission was sent successfully! Close

CVE-2015-0837

Published: 2 March 2015

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian
lucid
Released (1.4.10-2ubuntu1.8)
precise
Released (1.4.11-3ubuntu2.9)
trusty
Released (1.4.16-1ubuntu2.3)
upstream
Released (1.4.18-7)
utopic
Released (1.4.16-1.2ubuntu1.2)
libgcrypt11
Launchpad, Ubuntu, Debian
lucid
Released (1.4.4-5ubuntu2.4)
precise
Released (1.5.0-3ubuntu0.4)
trusty
Released (1.5.3-2ubuntu4.2)
upstream Needed

utopic
Released (1.5.4-2ubuntu1.1)
libgcrypt20
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty Does not exist
(trusty was released [1.6.1-2ubuntu1.14.04.1])
upstream
Released (1.6.3-2)
utopic
Released (1.6.1-2ubuntu1.14.10.1)