CVE-2017-7526
Published: 29 June 2017
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack that results in a complete break of RSA-1024 when the left-to-right method is used to compute the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side channel requires that the attacker can run arbitrary software on the hardware where the private RSA key is used.
Priority
CVSS 3 base score: 6.8
Status
Package | Release | Status |
---|---|---|
gnupg (Launchpad, Ubuntu, Debian) | bionic | Does not exist |
gnupg | cosmic | Does not exist |
gnupg | disco | Does not exist |
gnupg | precise | Released (1.4.11-3ubuntu2.12) |
gnupg | trusty | Released (1.4.16-1ubuntu2.6) |
gnupg | upstream | Needs triage |
gnupg | xenial | Released (1.4.20-1ubuntu3.3) |
gnupg1 (Launchpad, Ubuntu, Debian) | bionic | Not vulnerable |
gnupg1 | cosmic | Not vulnerable |
gnupg1 | disco | Not vulnerable |
gnupg1 | precise | Does not exist |
gnupg1 | trusty | Does not exist |
gnupg1 | upstream | Needs triage |
gnupg1 | xenial | Does not exist |
libgcrypt11 (Launchpad, Ubuntu, Debian) | artful | Does not exist |
libgcrypt11 | bionic | Does not exist |
libgcrypt11 | cosmic | Does not exist |
libgcrypt11 | disco | Does not exist |
libgcrypt11 | precise | Released (1.5.0-3ubuntu0.7) |
libgcrypt11 | trusty | Released (1.5.3-2ubuntu4.5) |
libgcrypt11 | upstream | Needs triage |
libgcrypt11 | xenial | Does not exist |
libgcrypt11 | yakkety | Does not exist |
libgcrypt11 | zesty | Does not exist |
libgcrypt20 (Launchpad, Ubuntu, Debian) | artful | Not vulnerable (1.7.8-1) |
libgcrypt20 | bionic | Not vulnerable (1.7.8-1) |
libgcrypt20 | cosmic | Not vulnerable (1.7.8-1) |
libgcrypt20 | disco | Not vulnerable (1.7.8-1) |
libgcrypt20 | precise | Does not exist |
libgcrypt20 | trusty | Does not exist (trusty was needed) |
libgcrypt20 | upstream | Released (1.7.8-1) |
libgcrypt20 | xenial | Released (1.6.5-2ubuntu0.3) |
libgcrypt20 | yakkety | Released (1.7.2-2ubuntu1.1) |
libgcrypt20 | zesty | Released (1.7.6-1ubuntu0.1) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
- https://eprint.iacr.org/2017/627
- https://ubuntu.com/security/notices/USN-3347-1
- https://ubuntu.com/security/notices/USN-3347-2
- https://ubuntu.com/security/notices/USN-3733-1
- https://ubuntu.com/security/notices/USN-3733-2
- NVD
- Launchpad
- Debian