CVE-2017-0379 - log back

CVE-2017-0379 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Private key recovery
Description
+ Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. On multi user systems or on boxes with virtual machines this attack may be used to steal private keys.
References
+ https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
+ https://eprint.iacr.org/2017/806
Notes