Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2017-0379

Published: 29/08/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Libgcrypt prior to 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for malicious users to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnupg libgcrypt

debian debian linux 9.0

Vendor Advisories

Ubuntu Security Notice: libgcrypt20 vulnerability
Libgcrypt could be made to expose sensitive information ...
Debian CVElist Bug Report Logs: libgcrypt20: CVE-2017-0379: side-channel attack on Curve25519
Debian Bug report logs - #873383 libgcrypt20: CVE-2017-0379: side-channel attack on Curve25519 Package: src:libgcrypt20; Maintainer for src:libgcrypt20 is Debian GnuTLS Maintainers <pkg-gnutls-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 27 Aug 2017 09:51:01 UTC Sev ...
Debian Security Advisories: DSA-3959-1 libgcrypt20 -- security update
Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key See eprintiacrorg/2017/806 for details For the stable distribution (stretch), this problem has been fixed in version 176-2+deb9u2 For the unsta ...
Red Hat: CVE-2017-0379
Libgcrypt before 181 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/eccc and mpi/ecc ...
Arch Linux Issues:
Libgcrypt before 181 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/eccc and mpi/ecc On multi user systems or on boxes with virtual machines this attack may be used to steal private keys ...

References

CWE-200https://www.debian.org/security/2017/dsa-3959https://security-tracker.debian.org/tracker/CVE-2017-0379https://lists.debian.org/debian-security-announce/2017/msg00221.htmlhttps://eprint.iacr.org/2017/806https://bugs.debian.org/873383http://www.securityfocus.com/bid/100503http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://security.netapp.com/advisory/ntap-20180726-0002/http://www.securitytracker.com/id/1041294https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=da780c8183cccc8f533c8ace8211ac2cb2bdee7bhttps://nvd.nist.govhttps://usn.ubuntu.com/3417-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044client sideCVE-2021-47601deserializationCVE-2024-34994encryptionCVE-2021-47609CVE-2024-37079CVE-2024-38608
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook