PT-2015-4906 · Gnu+3 · Libgcrypt+4

Yuval Yarum

Published

2015-03-02

Updated

2024-06-15

CVE-2015-0837

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Libgcrypt versions prior to 1.6.3 GnuPG versions prior to 1.4.19

Description The issue allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." This occurs in the mpi powm function.

Recommendations For Libgcrypt versions prior to 1.6.3, update to version 1.6.3 or later. For GnuPG versions prior to 1.4.19, update to version 1.4.19 or later.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

ALT-PU-2015-1541

ALT-PU-2015-2052

CVE-2015-0837

DLA-175-1

DLA-190-1

DSA-3184-1

DSA-3185-1

MGASA-2015-0104

MGASA-2015-0360

OPENSUSE-SU-2024:10037-1

SUSE-SU-2015:1511-1

SUSE-SU-2015:1626-1

SUSE-SU-2015_1511-1

USN-2554-1

USN-2555-1

Affected Products

Alt Linux

Gnupg

Libgcrypt

Suse

Ubuntu

PT-2015-4906 · Gnu+3 · Libgcrypt+4

CVE-2015-0837

Weakness Enumeration

Related Identifiers

Affected Products

References · 62