| CVE-2021-33560 |
AVG-2011 |
Medium |
Yes |
Private key recovery |
Libgcrypt before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window... |
| CVE-2021-3345 |
AVG-1505 |
Critical |
No |
Arbitrary code execution |
_gcry_md_block_write in cipher/hash-common.c in libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count... |
| CVE-2019-13627 |
AVG-1044 |
High |
Yes |
Private key recovery |
A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long- term private key. |
| CVE-2018-0495 |
AVG-719 |
High |
No |
Private key recovery |
An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private... |
| CVE-2017-7526 |
AVG-338 |
High |
No |
Private key recovery |
The pattern of squarings and multiplications in left-to-right sliding windows in libgcrypt <= 1.7.7 leaks significant information about exponent bits,... |
| CVE-2017-0379 |
AVG-402 |
Medium |
No |
Private key recovery |
Libgcrypt before 1.8.1 does not properly consider Curve25519 side- channel attacks, which makes it easier for attackers to discover a secret key, related to... |