Your submission was sent successfully! Close

CVE-2017-7526

Published: 29 June 2017

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Priority

Medium

CVSS 3 base score: 6.8

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (1.4.11-3ubuntu2.12)
trusty
Released (1.4.16-1ubuntu2.6)
upstream Needs triage

xenial
Released (1.4.20-1ubuntu3.3)
Patches:
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=b38f4489f75e6e435886aa885807738a22c7ff60
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=12029f83fd0ab3e8ad524f6c9135854662fddfd1
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=554ded4854758bf6ca268432fa087f946932a409
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8fd9f72e1b2e578e45c98c978cab4f6d47683d2c
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=994d5b707559a800a650dc7f273372f509d74780





gnupg1
Launchpad, Ubuntu, Debian
bionic Not vulnerable

cosmic Not vulnerable

disco Not vulnerable

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

libgcrypt11
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (1.5.0-3ubuntu0.7)
trusty
Released (1.5.3-2ubuntu4.5)
upstream Needs triage

xenial Does not exist

yakkety Does not exist

zesty Does not exist

libgcrypt20
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.7.8-1)
bionic Not vulnerable
(1.7.8-1)
cosmic Not vulnerable
(1.7.8-1)
disco Not vulnerable
(1.7.8-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.7.8-1)
xenial
Released (1.6.5-2ubuntu0.3)
yakkety
Released (1.7.2-2ubuntu1.1)
zesty
Released (1.7.6-1ubuntu0.1)
Patches:





upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a9f612def801c8145d551d995475e5d51a4c988c
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=aff5fd0f2650e24cf99efcd7b499627ea48782c3
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=312101e1f266314b4391fcdbe11c03de5c147e38