CVE-2017-7526
26.07.2018, 13:29
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnupg | libgcrypt | 𝑥 < 1.7.8 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnupg1 |
| ||||||||||||
| gnupg2 |
| ||||||||||||
| libgcrypt20 |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnupg |
| ||||||||||||||||
| gnupg1 |
| ||||||||||||||||
| libgcrypt11 |
| ||||||||||||||||
| libgcrypt20 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libgcrypt-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-hmac |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-hmac-32bit |
|
Common Weakness Enumeration
References