CVE-2015-7511

EUVD-2015-7432
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2 LOW
PHYSICAL
HIGH
NONE
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
gnupglibgcrypt
𝑥
≤ 1.6.4
debiandebian_linux
7.0
debiandebian_linux
8.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgcrypt20
bookworm
1.10.1-3
fixed
bullseye
1.8.7-6
fixed
sid
1.11.0-6
fixed
squeeze
not-affected
trixie
1.11.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgcrypt11
artful
dne
bionic
dne
cosmic
dne
disco
dne
precise
Fixed 1.5.0-3ubuntu0.5
released
trusty
Fixed 1.5.3-2ubuntu4.3
released
wily
dne
xenial
dne
yakkety
dne
zesty
dne
libgcrypt20
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
dne
trusty
dne
wily
Fixed 1.6.3-2ubuntu1.1
released
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html
http://www.cs.tau.ac.IL/~tromer/ecdh/
http://www.debian.org/security/2016/dsa-3474
http://www.debian.org/security/2016/dsa-3478
http://www.securityfocus.com/bid/83253
http://www.ubuntu.com/usn/USN-2896-1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2IL4PAEICHGA2XMQYRY3MIWHM4GMPAG/
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
https://security.gentoo.org/glsa/201610-04
http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html
http://www.cs.tau.ac.IL/~tromer/ecdh/
http://www.debian.org/security/2016/dsa-3474
http://www.debian.org/security/2016/dsa-3478
http://www.securityfocus.com/bid/83253
http://www.ubuntu.com/usn/USN-2896-1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2IL4PAEICHGA2XMQYRY3MIWHM4GMPAG/
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
https://security.gentoo.org/glsa/201610-04