Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libgcrypt20 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2236
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote malicious user to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
1 Github repository
7.2
CVSSv2
CVE-2021-3345
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
Gnupg Libgcrypt 1.9.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
2 Github repositories
4.3
CVSSv2
CVE-2015-0837
The mpi_powm function in Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 allows malicious users to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
1.9
CVSSv2
CVE-2014-3591
Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate malicious users to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
2.6
CVSSv2
CVE-2019-13627
It exists that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.0
Opensuse Leap 15.1
Libgcrypt20 Project Libgcrypt20 1.6.3-2\\+deb8u4
Libgcrypt20 Project Libgcrypt20 1.7.6-2\\+deb9u3
Libgcrypt20 Project Libgcrypt20 1.8.4-5
1 Github repository
4.3
CVSSv2
CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computatio...
Gnupg Libgcrypt
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-0379
Libgcrypt prior to 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for malicious users to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
Gnupg Libgcrypt
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2017-9526
In Libgcrypt prior to 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that con...
Gnupg Libgcrypt
1.9
CVSSv2
CVE-2015-7511
Libgcrypt prior to 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate malicious users to extract ECDH keys by measuring electromagnetic emanations.
Gnupg Libgcrypt
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started