CVE-2019-13627

MEDIUM6.3EPSS 0.04%

libgcrypt20 - regression update

Published: 9/25/2019Modified: 4/28/2026

Description

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

Affected packages (4)

Alpine/libgcryptfrom 0, < 1.8.5-r0
Debian/libgcrypt20from 0, < 1.8.5-1
Debian/libgcrypt20from 0, < 1.6.3-2+deb8u6
Debian/libgcrypt20from 0, < 1.6.3-2+deb8u8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-13627
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-13627