
CVE-2017-7526

Published: 29 June 2017

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that the attacker can run arbitrary software on the hardware where the private RSA key is used.

Priority

Medium

CVSS 3 base score: 6.8

Status

Package      Release   Status
gnupg        bionic    Does not exist
gnupg        cosmic    Does not exist
gnupg        disco     Does not exist
gnupg        precise   Released (1.4.11-3ubuntu2.12)
gnupg        trusty    Released (1.4.16-1ubuntu2.6)
gnupg        upstream  Needs triage
gnupg        xenial    Released (1.4.20-1ubuntu3.3)

gnupg1       bionic    Not vulnerable
gnupg1       cosmic    Not vulnerable
gnupg1       disco     Not vulnerable
gnupg1       precise   Does not exist
gnupg1       trusty    Does not exist
gnupg1       upstream  Needs triage
gnupg1       xenial    Does not exist

libgcrypt11  artful    Does not exist
libgcrypt11  bionic    Does not exist
libgcrypt11  cosmic    Does not exist
libgcrypt11  disco     Does not exist
libgcrypt11  precise   Released (1.5.0-3ubuntu0.7)
libgcrypt11  trusty    Released (1.5.3-2ubuntu4.5)
libgcrypt11  upstream  Needs triage
libgcrypt11  xenial    Does not exist
libgcrypt11  yakkety   Does not exist
libgcrypt11  zesty     Does not exist

libgcrypt20  artful    Not vulnerable (1.7.8-1)
libgcrypt20  bionic    Not vulnerable (1.7.8-1)
libgcrypt20  cosmic    Not vulnerable (1.7.8-1)
libgcrypt20  disco     Not vulnerable (1.7.8-1)
libgcrypt20  precise   Does not exist
libgcrypt20  trusty    Does not exist (trusty was needed)
libgcrypt20  upstream  Released (1.7.8-1)
libgcrypt20  xenial    Released (1.6.5-2ubuntu0.3)
libgcrypt20  yakkety   Released (1.7.2-2ubuntu1.1)
libgcrypt20  zesty     Released (1.7.6-1ubuntu0.1)