Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
384
VMScore

CVE-2015-0837

Published: 29/11/2019 Updated: 14/12/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Gnupg

Vulnerability Summary

The mpi_powm function in Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 allows malicious users to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnupg gnupg

gnupg libgcrypt

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Ubuntu Security Notice: libgcrypt11, libgcrypt20 vulnerabilities
Several security issues were fixed in Libgcrypt ...
Ubuntu Security Notice: gnupg, gnupg2 vulnerabilities
Several security issues were fixed in GnuPG ...
Debian Security Advisories: DSA-3185-1 libgcrypt11 -- security update
Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University Ciphertext blinding was enabled to counteract it Note that this may have a quite noticeable impact on Elgamal decryption performance CVE-201 ...
Debian Security Advisories: DSA-3184-1 gnupg -- security update
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University Ciphertext blinding was enabled to counteract it Note that this may have a quite noticeable impact on Elgamal decryption p ...
Amazon Linux AMI: ALAS-2015-577
Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak (CVE-2015-0837) Fix a side-channel attack which can potentially lead to an information leak (CVE-2014-3591) Libgcrypt before 154, as used in GnuPG and other products, does not properly perform ciphertext nor ...

References

CWE-203http://www.debian.org/security/2015/dsa-3185https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.htmlhttps://ieeexplore.ieee.org/document/7163050http://www.debian.org/security/2015/dsa-3184https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.htmlhttps://nvd.nist.govhttps://usn.ubuntu.com/2555-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook