Timing Vulnerability in Libgcrypt and GnuPG Products
CVE-2015-0837

5.9MEDIUM

Key Information:

Vendor

Gnu
Status
Libgcrypt
Gnupg
Vendor
CVE Published:
29 November 2019

What is CVE-2015-0837?

An issue exists in the mpi_powm function of Libgcrypt and GnuPG that permits attackers to exploit timing discrepancies while accessing a pre-computed table during modular exponentiation. This may lead to the leakage of sensitive information through a Last-Level Cache Side-Channel Attack. The vulnerability affects versions of Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19, necessitating awareness and remediation to protect against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GnuPG before 1.4.19

Libgcrypt before 1.6.3

References

http://www.debian.org/security/2015/dsa-3184
x_refsource_MISC
http://www.debian.org/security/2015/dsa-3185
x_refsource_MISC
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/0...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.