CVE-2017-7526 — Sensitive Information Exposure in Libgcrypt
Severity
6.8MEDIUMNVD
CNA6.1
EPSS
2.6%
top 14.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 26
Latest updateMay 13
Description
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.2 | Impact: 4.0
Affected Packages2 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04
Patches
🔴Vulnerability Details
4📋Vendor Advisories
6💬Community
4Bugzilla▶
CVE-2017-7526 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery [fedora-all]↗2017-06-29
Bugzilla▶
CVE-2017-7526 mingw-libgcrypt: libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery [epel-7]↗2017-06-29
Bugzilla▶
CVE-2017-7526 mingw-libgcrypt: libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery [fedora-all]↗2017-06-29
Bugzilla▶
CVE-2017-7526 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery↗2017-06-29