Описание
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.8.1-4ubuntu1.3 |
| devel | released | 1.8.7-5ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 1.8.1-4ubuntu1.3 |
| esm-infra/focal | not-affected | 1.8.5-5ubuntu1.1 |
| esm-infra/xenial | released | 1.6.5-2ubuntu0.6+esm1 |
| fips-preview/jammy | released | 1.8.7-5ubuntu2 |
| fips-updates/bionic | released | 1.8.1-4ubuntu1.fips.3 |
| fips-updates/focal | released | 1.8.5-5ubuntu1.fips.1.1 |
| fips-updates/jammy | released | 1.8.7-5ubuntu2 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...
EPSS
5 Medium
CVSS2
7.5 High
CVSS3