CVE search results

11 – 16 of 16 results

Detailed view

Sort by:

CVE-2017-0379

Medium priority

Fixed

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

2 affected packages

libgcrypt11, libgcrypt20

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgcrypt11	—	—	—	—
libgcrypt20	—	—	—	—

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...

4 affected packages

gnupg, gnupg2, libgcrypt11, libgcrypt20

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gnupg	—	—	—	Not in release
gnupg2	—	—	—	Not affected
libgcrypt11	—	—	—	Not in release
libgcrypt20	—	—	—	Fixed

CVE-2015-7511

Medium priority

Fixed

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

2 affected packages

libgcrypt11, libgcrypt20

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgcrypt11	—	—	—	Not in release
libgcrypt20	—	—	—	Not affected

CVE-2015-0837

Low priority

Fixed

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related...

3 affected packages

libgcrypt11, gnupg, libgcrypt20

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgcrypt11	—	—	—	—
gnupg	—	—	—	—
libgcrypt20	—	—	—	—

CVE-2014-5270

Medium priority

Fixed

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gnupg	—	—	—	—
libgcrypt11	—	—	—	—
libgcrypt20	—	—	—	—

CVE-2014-3591

Low priority

Fixed

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gnupg	—	—	—	—
libgcrypt11	—	—	—	—
libgcrypt20	—	—	—	—

Export to JSON

Results by page:

Search CVE reports

CVE-2017-0379

CVE-2016-6313

CVE-2015-7511

CVE-2015-0837

CVE-2014-5270

CVE-2014-3591