CVE-2017-7526
MEDIUM6.8EPSS 2.8%gnupg - security update
發布日:2018/7/26修改日:2026/4/28
描述
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
受影響套件(7)
- Alpine/gnupg1from 0, < 1.4.23-r0
- Debian/gnupgfrom 0, < 1.4.12-7+deb7u9
- Debian/gnupgfrom 0, < 1.4.18-7+deb8u4
- Debian/gnupg1from 0, < 1.4.22-1
- Debian/libgcrypt11from 0, < 1.5.0-5+deb7u6
- Debian/libgcrypt20from 0, < 1.7.8-1
- Debian/libgcrypt20from 0, < 1.6.3-2+deb8u4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |