CVE-2015-0837Observable Discrepancy in Gnupg

CWE-203Observable Discrepancy15 documents8 sources
Severity
5.9MEDIUMNVD
OSV4.2
EPSS
0.7%
top 28.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
GnupgGnupg LibgcryptGNU Gnupg+2 more
Timeline
PublishedNov 29
Latest updateMay 24

Description

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

NVDgnupg/libgcrypt< 1.6.3
NVDgnupg/gnupg< 1.4.19
Ubuntugnupg/gnupg< 1.4.16-1ubuntu2.3
CVEListV5gnu/gnupgbefore 1.4.19
CVEListV5gnu/libgcryptbefore 1.6.3

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

5
GHSA
GHSA-3ccv-3j4f-926q: The mpi_powm function in Libgcrypt before 12022-05-24
OSV
CVE-2015-0837: The mpi_powm function in Libgcrypt before 12019-11-29
CVEList
CVE-2015-0837: The mpi_powm function in Libgcrypt before 12019-11-29
OSV
libgcrypt11, libgcrypt20 vulnerabilities2015-04-01
OSV
gnupg, gnupg2 vulnerabilities2015-04-01

📋Vendor Advisories

4
Ubuntu
Libgcrypt vulnerabilities2015-04-01
Ubuntu
GnuPG vulnerabilities2015-04-01
Red Hat
libgcrypt: last-level cache side-channel attack2015-02-27
Debian
CVE-2015-0837: libgcrypt20 - The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows a...2015

💬Community

5
Bugzilla
CVE-2015-0837 CVE-2014-3591 gnupg: various flaws [fedora-all]2015-03-03
Bugzilla
CVE-2015-0837 CVE-2014-3591 mingw-libgcrypt: various flaws [epel-all]2015-03-03
Bugzilla
CVE-2015-0837 libgcrypt: last-level cache side-channel attack2015-03-03
Bugzilla
CVE-2015-0837 CVE-2014-3591 libgcrypt: various flaws [fedora-all]2015-03-03
Bugzilla
CVE-2015-0837 CVE-2014-3591 mingw-libgcrypt: various flaws [fedora-all]2015-03-03