Download
| Alert*
oval:org.secpod.oval:def:2001553
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data . The Decisional Diffie-Hellman assumption does not hold for Libgcrypt"s ElGamal implementation. oval:org.secpod.oval:def:702492 libgcrypt20 is installed oval:org.secpod.oval:def:702487 libgcrypt11: LGPL Crypto library - libgcrypt20: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:703795 libgcrypt20: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:702967 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:75956 libgcrypt20: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:53124 Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key. See https://eprint.iacr.org/2017/806 for details. oval:org.secpod.oval:def:603080 Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key. See https://eprint.iacr.org/2017/806 for details. oval:org.secpod.oval:def:602369 Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details. oval:org.secpod.oval:def:41167 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:602937 It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure. oval:org.secpod.oval:def:51524 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:703240 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers. oval:org.secpod.oval:def:51621 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers. oval:org.secpod.oval:def:602592 Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug ... oval:org.secpod.oval:def:602975 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ... oval:org.secpod.oval:def:53090 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ... oval:org.secpod.oval:def:603433 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. oval:org.secpod.oval:def:51062 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:53354 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. oval:org.secpod.oval:def:704129 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:2003580 In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes |