Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2017-7526

Published: 26/07/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.8 | Impact Score: 4 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Libgcrypt

Vulnerability Summary

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnupg libgcrypt

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Security Advisories: DSA-3901-1 libgcrypt20 -- security update
Daniel J Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024 See eprintiacrorg/2017/627 for details For the oldstable distribution (jessie), this ...
Ubuntu Security Notice: gnupg vulnerability
GnuPG could be made to expose sensitive information ...
Ubuntu Security Notice: gnupg vulnerability
GnuPG could be made to expose sensitive information ...
Ubuntu Security Notice: libgcrypt11, libgcrypt20 vulnerabilities
Several security issues were fixed in Libgcrypt ...
Ubuntu Security Notice: libgcrypt11 vulnerability
Several security issues were fixed in Libgcrypt ...
Red Hat: CVE-2017-7526
libgcrypt before version 178 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion The same attack is believed to work on RSA-2048 with moderately more computation This side-channel requires that attacker can run arbitrary software ...
Arch Linux Issues:
The pattern of squarings and multiplications in left-to-right sliding windows in libgcrypt <= 177 leaks significant information about exponent bits, allowing for the very efficient recovery of a full 1024-bit RSA key ...

References

CWE-310https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.htmlhttps://eprint.iacr.org/2017/627https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526https://www.debian.org/security/2017/dsa-3960https://www.debian.org/security/2017/dsa-3901http://www.securitytracker.com/id/1038915http://www.securityfocus.com/bid/99338https://usn.ubuntu.com/3733-1/https://usn.ubuntu.com/3733-2/https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=78130828e9a140a9de4dafadbc844dbb64cb709ahttps://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=e6a3dc9900433bbc8ad362a595a3837318c28fa9https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=8725c99ffa41778f382ca97233183bcd687bb0cehttps://nvd.nist.govhttps://www.debian.org/security/./dsa-3901https://usn.ubuntu.com/3733-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook