Side-Channel Attack

2018-08-0706:10:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

58.7%

JSON

libgcrypt.so is vulnerable to side-channel attacks. The elliptic-point curve multiplication during decryption is not properly performed, which allows attackers within close proximity to extract the secret decryption key within seconds by measuring electromagnetic emanations.

CPENameOperatorVersion
libgcrypt.sole20.3.4

CPE	Name	Operator	Version
	libgcrypt.so	le	20.3.4

References

www.cs.tau.ac.il/~tromer/ecdh/

github.com/gpg/libgcrypt/commit/23b72901f8a5ba9a78485b235c7a917fbc8faae0

github.com/gpg/libgcrypt/commit/4a19b195697e0b6534d28de9401ae3e9d86adb42

Side-Channel Attack

References

Related