CVE-2015-0837

5.9MEDIUM

Key Information:

Vendor: Gnu
Status: Libgcrypt; Gnupg
Vendor: CVE Published:; 29 November 2019

Summary

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

Affected Version(s)

GnuPG before 1.4.19

Libgcrypt before 1.6.3

References

http://www.debian.org/security/2015/dsa-3184

x_refsource_MISC

http://www.debian.org/security/2015/dsa-3185

x_refsource_MISC

https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/0...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2019
Vulnerability Reserved
Jan 7, 2015

.