CVE-2017-0379

Опубликовано: 27 авг. 2017

Источник: redhat

CVSS3: 4.4

EPSS Низкий

Описание

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libgcrypt	Not affected
Red Hat Enterprise Linux 6	libgcrypt	Not affected
Red Hat Enterprise Linux 7	libgcrypt	Not affected
Red Hat Enterprise Virtualization 3	mingw-virt-viewer	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1485921libgcrypt: Missing input validation for X25519 curve

EPSS

Процентиль: 83%

0.01856

Низкий

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2017-0379

CVSS3: 7.5

ubuntu

больше 8 лет назад

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

CVE-2017-0379

CVSS3: 7.5

nvd

больше 8 лет назад

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

CVE-2017-0379

CVSS3: 7.5

debian

больше 8 лет назад

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-chan ...

GHSA-j848-fx94-98m4

CVSS3: 7.5

github

больше 3 лет назад

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.

EPSS

Процентиль: 83%

0.01856

Низкий

4.4 Medium

CVSS3