CVE-2015-7511: Sensitive Information Exposure in Libgcrypt

Severity
2.0 LOW (NVD)
EPSS
0.0%
top 84.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 19
Latest update: May 17

Description

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 0.5 | Impact: 1.4

Affected Packages: 1 package

NVD: gnupg/libgcrypt 1.6.4

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.10

🔴Vulnerability Details

3
GHSA
GHSA-2c62-8p8p-hh5w: Libgcrypt before 1 (2022-05-17)
CVEList
CVE-2015-7511: Libgcrypt before 1 (2016-04-19)
OSV
CVE-2015-7511: Libgcrypt before 1 (2016-04-19)

📋Vendor Advisories

4
Microsoft
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring elect (2016-04-12)
Ubuntu
Libgcrypt vulnerability (2016-02-15)
Red Hat
libgcrypt: side-channel attack on ECDH with Weierstrass curves (2016-02-08)
Debian
CVE-2015-7511: libgcrypt20 - Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplica... (2015)

💬Community

4
Bugzilla
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves [fedora-all] (2016-02-10)
Bugzilla
CVE-2015-7511 mingw-libgcrypt: libgcrypt: side-channel attack on ECDH with Weierstrass curves [fedora-all] (2016-02-10)
Bugzilla
CVE-2015-7511 mingw-libgcrypt: libgcrypt: side-channel attack on ECDH with Weierstrass curves [epel-7] (2016-02-10)
Bugzilla
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves (2016-02-10)