Описание
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | released | 1.4.16-1ubuntu2.6 |
| esm-infra/xenial | released | 1.4.20-1ubuntu3.3 |
| precise/esm | not-affected | 1.4.11-3ubuntu2.12 |
| trusty | released | 1.4.16-1ubuntu2.6 |
| trusty/esm | released | 1.4.16-1ubuntu2.6 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | not-affected | |
| disco | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | released | 1.5.3-2ubuntu4.5 |
| precise/esm | not-affected | 1.5.0-3ubuntu0.7 |
| trusty | released | 1.5.3-2ubuntu4.5 |
| trusty/esm | released | 1.5.3-2ubuntu4.5 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.7.8-1 |
| bionic | not-affected | 1.7.8-1 |
| cosmic | not-affected | 1.7.8-1 |
| devel | not-affected | 1.7.8-1 |
| disco | not-affected | 1.7.8-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/bionic | not-affected | 1.7.8-1 |
| esm-infra/xenial | released | 1.6.5-2ubuntu0.3 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel a ...
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3