Libgcrypt Vulnerability Affects Key Management in Cryptographic Products
CVE-2015-7511

2LOW

Key Information:

Vendor

Gnupg

Status
Libgcrypt
Vendor
CVE Published:
19 April 2016

What is CVE-2015-7511?

The vulnerability in Libgcrypt allows attackers in close physical proximity to potentially extract ECDH keys by analyzing electromagnetic emissions during elliptic curve point multiplication in decryption processes. This weakness primarily affects systems relying on Libgcrypt prior to version 1.6.5, rendering them susceptible to key compromise if appropriate security measures are not implemented.

References

http://www.debian.org/security/2016/dsa-3478
vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2896-1
vendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/201610-04
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.