Gnu · Libgcrypt · CVE-2014-5270
**Name of the Vulnerable Software and Affected Versions**
libgcrypt versions prior to 1.5.4
**Description**
libgcrypt does not properly perform ciphertext normalization and ciphertext randomization, which physically proximate attackers can exploit to conduct key-extraction attacks. The attacker does this by collecting voltage data from exposed metal, which represents a different attack vector. The vulnerability can lead to a breach of confidentiality of protected information and can be exploited locally.
**Recommendations**
For libgcrypt versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue.