CVE-2019-13627
- Source
- https://cve.org/CVERecord?id=CVE-2019-13627
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13627.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-13627
- Downstream
- Related
- Published
- 2019-09-25T15:15:11.877Z
- Modified
- 2026-05-28T04:04:36.590870529Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "12.04" }, { "last_affected": "14.04" }, { "last_affected": "16.04" }, { "last_affected": "18.04" }, { "last_affected": "19.04" }, { "last_affected": "19.10" } ], "vendor_product": "canonical:ubuntu_linux", "cpes": [ "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" ], "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "1.6.3-2+deb8u4" }, { "last_affected": "1.7.6-2+deb9u3" }, { "last_affected": "1.8.4-5" } ], "cpes": [ "cpe:2.3:a:libgcrypt20_project:libgcrypt20:1.6.3-2\\+deb8u4:*:*:*:*:*:*:*", "cpe:2.3:a:libgcrypt20_project:libgcrypt20:1.7.6-2\\+deb9u3:*:*:*:*:*:*:*", "cpe:2.3:a:libgcrypt20_project:libgcrypt20:1.8.4-5:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "vendor_product": "libgcrypt20_project:libgcrypt20" }, { "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "15.1" } ], "cpes": [ "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ], "source": "CPE_STRING", "vendor_product": "opensuse:leap" } ] }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html
- http://www.openwall.com/lists/oss-security/2019/10/02/2
- https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5
- https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html
- https://minerva.crocs.fi.muni.cz/
- https://security-tracker.debian.org/tracker/CVE-2019-13627
- https://security.gentoo.org/glsa/202003-32
- https://usn.ubuntu.com/4236-1/
- https://usn.ubuntu.com/4236-2/
- https://usn.ubuntu.com/4236-3/
Affected packages
Git / github.com/gpg/libgcrypt
Affected versions
Other
DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws
libgcrypt-1.*
libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.6.0
libgcrypt-1.7.0
libgcrypt-1.7.1
libgcrypt-1.7.2
libgcrypt-1.7.3
libgcrypt-1.8.0
libgcrypt-1.8.1
libgcrypt-1.8.2
libgcrypt-1.8.3
libgcrypt-1.8.4