CVE-2017-9526 — Sensitive Information Exposure in Libgcrypt

CWE-200 — Sensitive Information Exposure CWE-385 — Covert Timing Channel12 documents8 sources

Severity

5.9MEDIUMNVD

EPSS

0.7%

top 29.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnupg Libgcrypt

Timeline

PublishedJun 11

Latest updateMay 14

Description

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDgnupg/libgcrypt1.7.6

Patches

Patch: bugzilla.suse.com ↗Patch: bugzilla.suse.com ↗

🔴Vulnerability Details

GHSA

GHSA-665h-28h9-qh6v: In Libgcrypt before 1↗2022-05-14

▶

OSV

libgcrypt11, libgcrypt20 vulnerabilities↗2017-07-03

▶

CVEList

CVE-2017-9526: In Libgcrypt before 1↗2017-06-11

▶

OSV

CVE-2017-9526: In Libgcrypt before 1↗2017-06-11

▶

📋Vendor Advisories

Ubuntu

Libgcrypt vulnerabilities↗2017-07-03

▶

Red Hat

libgcrypt: Possible timing attack on EdDSA session key↗2017-06-01

▶

Debian

CVE-2017-9526: libgcrypt20 - In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from si...↗2017

▶

💬Community

Bugzilla

CVE-2017-9526 libgcrypt: Possible timing attack on EdDSA session key↗2017-06-08

▶

Bugzilla

CVE-2017-9526 mingw-libgcrypt: libgcrypt: Possible timing attack on EdDSA session key [fedora-all]↗2017-06-08

▶

Bugzilla

CVE-2017-9526 libgcrypt: Possible timing attack on EdDSA session key [fedora-all]↗2017-06-08

▶

Bugzilla

CVE-2017-9526 mingw-libgcrypt: libgcrypt: Possible timing attack on EdDSA session key [epel-7]↗2017-06-08

▶