Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description General purpose cryptographic library based on the code from GnuPG (32-bit)
Version 1.10.2-1 [multilib]


Group Affected Fixed Severity Status Ticket
AVG-2012 1.9.2-1 1.9.3-1 Medium Fixed
AVG-1045 1.8.4-1 1.8.5-1 High Fixed
AVG-403 1.8.0-1 1.8.1-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-33560 AVG-2012 Medium Yes Private key recovery
Libgcrypt before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window...
CVE-2019-13627 AVG-1045 High Yes Private key recovery
A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long- term private key.
CVE-2017-0379 AVG-403 Medium No Private key recovery
Libgcrypt before 1.8.1 does not properly consider Curve25519 side- channel attacks, which makes it easier for attackers to discover a secret key, related to...


Date Advisory Group Severity Type
18 Sep 2017 ASA-201709-14 AVG-403 Medium private key recovery