Search CVE reports
1 – 10 of 21 results
CVE-2024-2236
Low priorityA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
2 affected packages
libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | Not in release | Not in release | Not in release | — | — |
libgcrypt20 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2021-42006
Low priorityAn out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.
5 affected packages
cufflinks, libgclib, libgff, stringtie, tophat
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cufflinks | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Ignored |
libgclib | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
libgff | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
stringtie | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
tophat | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-40528
Medium priorityThe ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the...
1 affected package
libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt20 | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2021-33560
Low prioritySome fixes available 11 of 12
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example,...
1 affected package
libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt20 | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2021-3345
High priority_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.
2 affected packages
libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | — | — | Not in release | Not in release | Not in release |
libgcrypt20 | — | — | Not affected | Not affected | Not affected |
CVE-2019-13627
Medium priorityIt was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
2 affected packages
libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Fixed | Fixed |
CVE-2019-12904
Low priority** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where...
2 affected packages
libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | — | Not in release | Not in release | Not in release | Not in release |
libgcrypt20 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2018-0495
Low prioritySome fixes available 18 of 19
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in...
6 affected packages
libgcrypt11, libgcrypt20, nss, openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Fixed | Fixed |
nss | — | — | — | Fixed | Fixed |
openssl | — | — | — | Fixed | Fixed |
openssl098 | — | — | — | Not in release | Not in release |
openssl1.0 | — | — | — | Fixed | Not in release |
CVE-2018-6829
Medium prioritycipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | Not in release | Not affected |
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Not affected | Not affected |
CVE-2017-0379
Medium priorityLibgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
2 affected packages
libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgcrypt11 | — | — | — | — | Not in release |
libgcrypt20 | — | — | — | — | Not affected |