Search CVE reports
11 – 16 of 16 results
CVE-2017-9526
Low priorityIn Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this...
2 affected packages
libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Not affected | Fixed |
CVE-2016-6313
High priorityThe mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...
4 affected packages
gnupg, gnupg2, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | Not in release | Fixed |
gnupg2 | — | — | — | Not affected | Not affected |
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Fixed | Fixed |
CVE-2015-7511
Medium priorityLibgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
2 affected packages
libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Not affected | Not affected |
CVE-2015-0837
Low priorityThe mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
libgcrypt11 | — | — | — | — | — |
libgcrypt20 | — | — | — | — | — |
CVE-2014-3591
Low priorityLibgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
libgcrypt11 | — | — | — | — | — |
libgcrypt20 | — | — | — | — | — |
CVE-2014-5270
Medium priorityLibgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
libgcrypt11 | — | — | — | — | — |
libgcrypt20 | — | — | — | — | — |