Vulnerabilities > Gnupg > Libgcrypt > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-06 | CVE-2021-40528 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
| 2019-11-29 | CVE-2015-0837 | Information Exposure Through Discrepancy vulnerability in multiple products The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." | 5.9 |
| 2019-11-29 | CVE-2014-3591 | Information Exposure vulnerability in multiple products Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. | 4.2 |
| 2019-06-20 | CVE-2019-12904 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. | 5.9 |
| 2018-07-26 | CVE-2017-7526 | Cryptographic Issues vulnerability in multiple products libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. | 6.8 |
| 2018-06-13 | CVE-2018-0495 | Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. | 4.7 |
| 2017-06-11 | CVE-2017-9526 | Information Exposure vulnerability in Gnupg Libgcrypt In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. | 5.9 |
| 2016-12-13 | CVE-2016-6313 | Information Exposure vulnerability in multiple products The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | 5.3 |