CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
73.2%
Package : libgcrypt11
Version : 1.5.0-5+deb7u6
CVE ID : CVE-2017-7526
It was discovered that there was a key disclosure vulnerability in libgcrypt11
a library of cryptographic routines:
It is well known that constant-time implementations of modular exponentiation
cannot use sliding windows. However, software libraries such as Libgcrypt,
used by GnuPG, continue to use sliding windows. It is widely believed that,
even if the complete pattern of squarings and multiplications is observed
through a side-channel attack, the number of exponent bits leaked is not
sufficient to carry out a full key-recovery attack against RSA.
Specifically, 4-bit sliding windows leak only 40% of the bits, and 5-bit
sliding windows leak only 33% of the bits.
-- Sliding right into disaster: Left-to-right sliding windows leak
<https://eprint.iacr.org/2017/627>
For Debian 7 "Wheezy", this issue has been fixed in libgcrypt11 version
1.5.0-5+deb7u6.
We recommend that you upgrade your libgcrypt11 packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | mipsel | libgcrypt20-udeb | < 1.6.3-2+deb8u4 | libgcrypt20-udeb_1.6.3-2+deb8u4_mipsel.deb |
Debian | 9 | amd64 | libgcrypt20-dbgsym | < 1.7.6-2+deb9u1 | libgcrypt20-dbgsym_1.7.6-2+deb9u1_amd64.deb |
Debian | 7 | i386 | gnupg | < 1.4.12-7+deb7u9 | gnupg_1.4.12-7+deb7u9_i386.deb |
Debian | 8 | armhf | libgcrypt20-udeb | < 1.6.3-2+deb8u4 | libgcrypt20-udeb_1.6.3-2+deb8u4_armhf.deb |
Debian | 7 | i386 | gnupg-curl | < 1.4.12-7+deb7u9 | gnupg-curl_1.4.12-7+deb7u9_i386.deb |
Debian | 8 | arm64 | libgcrypt20-dbg | < 1.6.3-2+deb8u4 | libgcrypt20-dbg_1.6.3-2+deb8u4_arm64.deb |
Debian | 8 | armel | libgcrypt20-dbg | < 1.6.3-2+deb8u4 | libgcrypt20-dbg_1.6.3-2+deb8u4_armel.deb |
Debian | 8 | kfreebsd-i386 | gnupg | < 1.4.18-7+deb8u4 | gnupg_1.4.18-7+deb8u4_kfreebsd-i386.deb |
Debian | 9 | arm64 | libgcrypt20-udeb | < 1.7.6-2+deb9u1 | libgcrypt20-udeb_1.7.6-2+deb9u1_arm64.deb |
Debian | 8 | kfreebsd-i386 | gpgv-udeb | < 1.4.18-7+deb8u4 | gpgv-udeb_1.4.18-7+deb8u4_kfreebsd-i386.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
73.2%