CVE-2018-0495 log

Severity High
Remote No
Type Private key recovery
An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or SSH connection, they inadvertently leak information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the private key.
Group Package Affected Fixed Severity Status Ticket
AVG-719 libgcrypt 1.8.2-1 1.8.3-1 High Fixed
Date Advisory Group Package Severity Type
16 Jun 2018 ASA-201806-10 AVG-719 libgcrypt High private key recovery