CVE-2017-7526

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7526

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7526.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7526

Related

Published

2018-07-26T13:29:00Z

Modified

2024-09-11T04:18:28.004181Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

References

Affected packages

Alpine:v3.10 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Alpine:v3.11 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Alpine:v3.12 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Alpine:v3.5 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Alpine:v3.6 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Alpine:v3.7 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Alpine:v3.8 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Alpine:v3.9 / gnupg1

Package

Name: gnupg1
Purl: pkg:apk/alpine/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-r0

Affected versions

1.*

1.4.16-r0

1.4.16-r1

1.4.16-r2

1.4.16-r3

1.4.16-r4

1.4.18-r0

1.4.19-r0

1.4.20-r0

1.4.21-r0

1.4.22-r0

1.4.22-r1

Debian:11 / gnupg1

Package

Name: gnupg1
Purl: pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gnupg1

Package

Name: gnupg1
Purl: pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gnupg1

Package

Name: gnupg1
Purl: pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / libgcrypt20

Package

Name: libgcrypt20
Purl: pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libgcrypt20

Package

Name: libgcrypt20
Purl: pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libgcrypt20

Package

Name: libgcrypt20
Purl: pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gpg/libgcrypt

Affected ranges

Type: GIT
Repo: https://github.com/gpg/libgcrypt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b16176769672a659b9a7c1d23325270338323385

Affected versions

Other

DEVEL-BRANCH-1-1

V-0-2-8

V0-0-0

V0-1-0

V0-2-0

V0-2-10

V0-2-15

V0-2-17

V0-2-18

V0-2-19

V0-2-6

V0-3-0

V0-3-1

V0-3-2

V0-3-3

V0-3-4

V0-3-5

V0-4-0

V0-4-1

V0-4-2

V0-4-3

V0-4-4

V0-4-5

V0-9-0

V0-9-1

V0-9-10

V0-9-11

V0-9-2

V0-9-3

V0-9-4

V0-9-5

V0-9-6

V0-9-7

V0-9-8

V0-9-9

V1-0-0

V1-0-1

V1-0-1-ePit-1

V1-0-2

V1-0-3

V1-0-4

V1-1-0

V1-1-10

V1-1-11

V1-1-12

V1-1-2

V1-1-3

V1-1-4

V1-1-42

V1-1-43

V1-1-44

V1-1-5

V1-1-6

V1-1-7

V1-1-8

V1-1-9

V1-1-90

V1-1-91

V1-1-92

V1-1-93

V1-1-94

V1-2-0

V1-2-1

ecc-integration-done

last-gpl-version

marcus-after-thread-cbs

marcus-before-thread-cbs

now-less-freedom-protected

post-nuke-of-trailing-ws

libgcrypt-1.*

libgcrypt-1.3.0

libgcrypt-1.3.1

libgcrypt-1.3.2

libgcrypt-1.4.0

libgcrypt-1.4.1

libgcrypt-1.4.1rc1

libgcrypt-1.4.2

libgcrypt-1.4.2rc1

libgcrypt-1.4.2rc2

libgcrypt-1.4.3

libgcrypt-1.4.4

libgcrypt-1.5.0

libgcrypt-1.5.0-beta1

libgcrypt-1.6.0

libgcrypt-1.7.0

libgcrypt-1.7.1

libgcrypt-1.7.2

libgcrypt-1.7.3

libgcrypt-1.7.4

libgcrypt-1.7.5

libgcrypt-1.7.6

libgcrypt-1.7.7