PT-2017-10555 · Gnu+2 · Libgcrypt+2

Daniel Genkin

Published

2017-08-29

Updated

2024-06-15

CVE-2017-0379

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Libgcrypt versions prior to 1.8.1

Description The issue makes it easier for attackers to discover a secret key due to not properly considering Curve25519 side-channel attacks, related to files cipher/ecc.c and mpi/ec.c.

Recommendations For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2017-2224

ALT-PU-2018-2426

CVE-2017-0379

DSA-3959-1

MGASA-2017-0334

OPENSUSE-SU-2024:10941-1

Affected Products

Alt Linux

Libgcrypt

Ubuntu

PT-2017-10555 · Gnu+2 · Libgcrypt+2

CVE-2017-0379

Weakness Enumeration

Related Identifiers

Affected Products

References · 44