Gnu · Libgcrypt · CVE-2017-7526
**Name of the Vulnerable Software and Affected Versions**
libgcrypt versions prior to 1.7.8
**Description**
The issue is related to a cache side-channel attack that can lead to a complete break of RSA-1024 and potentially RSA-2048 with increased computation. This attack requires the ability to run arbitrary software on the hardware where the private RSA key is used, allowing a local attacker to compromise data confidentiality by fully recovering the RSA key using the left-to-right method for computing the sliding-window expansion.
**Recommendations**
For libgcrypt versions prior to 1.7.8, update to version 1.7.8 or later to resolve the issue.