CVE-2019-13627 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.0
opensuse	leap	15.1
libgcrypt20_project	libgcrypt20	1.6.3-2\+deb8u4
libgcrypt20_project	libgcrypt20	1.7.6-2\+deb9u3
libgcrypt20_project	libgcrypt20	1.8.4-5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libgcrypt20

bullseye	1.8.7-6 fixed
buster	no-dsa
stretch	no-dsa
bookworm	1.10.1-3 fixed
sid	1.11.0-6 fixed
trixie	1.11.0-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

libgcrypt11

eoan	dne
disco	dne
bionic	dne
xenial	dne
trusty	Fixed 1.5.3-2ubuntu4.6+esm1 released

libgcrypt20

eoan	Fixed 1.8.4-5ubuntu2.1 released
disco	Fixed 1.8.4-3ubuntu1.1 released
bionic	Fixed 1.8.1-4ubuntu1.2 released
xenial	Fixed 1.6.5-2ubuntu0.6 released
trusty	dne

Common Weakness Enumeration

CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html

http://www.openwall.com/lists/oss-security/2019/10/02/2

https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5

https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html

https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html

https://minerva.crocs.fi.muni.cz/

https://security-tracker.debian.org/tracker/CVE-2019-13627

https://security.gentoo.org/glsa/202003-32

https://usn.ubuntu.com/4236-1/

https://usn.ubuntu.com/4236-2/

https://usn.ubuntu.com/4236-3/

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html

http://www.openwall.com/lists/oss-security/2019/10/02/2

https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5

https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html

https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html

https://minerva.crocs.fi.muni.cz/

https://security-tracker.debian.org/tracker/CVE-2019-13627

https://security.gentoo.org/glsa/202003-32

https://usn.ubuntu.com/4236-1/

https://usn.ubuntu.com/4236-2/

https://usn.ubuntu.com/4236-3/