Home

CVE-2017-7526

Description

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Risk Information

Base Score
6.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
2.567

Associated Vulnerability

VulnerabilityOS Platform
LGPL Crypto library (USN-3065-1) libgcrypt11_1.5.3-2ubuntu4.5_i386.debLinux
LGPL Crypto library (USN-3065-1) libgcrypt11_1.5.3-2ubuntu4.5_amd64.debLinux
LGPL Crypto library (USN-3065-1) libgcrypt20_1.6.5-2ubuntu0.3_i386.debLinux
LGPL Crypto library (USN-3065-1) libgcrypt20_1.6.5-2ubuntu0.3_amd64.debLinux
Libgcrypt vulnerabilities (USN-3347-1) libgcrypt11_1.5.3-2ubuntu4.5-i386.debLinux
Libgcrypt vulnerabilities (USN-3347-1) libgcrypt11_1.5.3-2ubuntu4.5-amd64.debLinux
Libgcrypt vulnerabilities (USN-3347-1) libgcrypt20_1.6.5-2ubuntu0.3-i386.debLinux
Libgcrypt vulnerabilities (USN-3347-1) libgcrypt20_1.6.5-2ubuntu0.3-amd64.debLinux
Libgcrypt vulnerabilities (USN-3347-1) libgcrypt20_1.7.2-2ubuntu1.1_i386.debLinux
Libgcrypt vulnerabilities (USN-3347-1) libgcrypt20_1.7.2-2ubuntu1.1_amd64.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gpgv_1.4.16-1ubuntu2.6_i386.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gpgv_1.4.16-1ubuntu2.6_amd64.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gpgv_1.4.20-1ubuntu3.3_i386.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gpgv_1.4.20-1ubuntu3.3_amd64.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gnupg-curl_1.4.16-1ubuntu2.6_i386.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gnupg-curl_1.4.16-1ubuntu2.6_amd64.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gnupg-curl_1.4.20-1ubuntu3.3_i386.debLinux
GNU privacy guard - a free PGP replacement (USN-3733-1) gnupg-curl_1.4.20-1ubuntu3.3_amd64.debLinux
SUSE-SU-2017:1793-1(SUSE Linux Enterprise Server 11-SP4 ) libgcrypt11-1.5.0-0.25.1.x86_64.rpmLinux
SUSE-SU-2017:1793-1(SUSE Linux Enterprise Server 11-SP4 ) libgcrypt11-32bit-1.5.0-0.25.1.x86_64.rpmLinux
SUSE-SU-2017:1794-1(SUSE Linux Enterprise Desktop 12-SP2 ) libgcrypt-debugsource-1.6.1-16.42.1.x86_64.rpmLinux
SUSE-SU-2017:1794-1(SUSE Linux Enterprise Desktop 12-SP2 ) libgcrypt20-1.6.1-16.42.1.x86_64.rpmLinux
SUSE-SU-2017:1794-1(SUSE Linux Enterprise Desktop 12-SP2 ) libgcrypt20-32bit-1.6.1-16.42.1.x86_64.rpmLinux
SUSE-SU-2017:1794-1(SUSE Linux Enterprise Desktop 12-SP2 ) libgcrypt20-debuginfo-1.6.1-16.42.1.x86_64.rpmLinux
SUSE-SU-2017:1794-1(SUSE Linux Enterprise Desktop 12-SP2 ) libgcrypt20-debuginfo-32bit-1.6.1-16.42.1.x86_64.rpmLinux
SUSE-SU-2017:1794-1(SUSE Linux Enterprise Server 12-SP2 ) libgcrypt20-hmac-1.6.1-16.42.1.x86_64.rpmLinux
SUSE-SU-2017:1794-1(SUSE Linux Enterprise Server 12-SP2 ) libgcrypt20-hmac-32bit-1.6.1-16.42.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234