Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description General purpose cryptographic library based on the code from GnuPG
Version 1.8.6-1 [core]


Group Affected Fixed Severity Status Ticket
AVG-1044 1.8.4-1 1.8.5-1 High Fixed
AVG-719 1.8.2-1 1.8.3-1 High Fixed
AVG-402 1.8.0-1 1.8.1-1 Medium Fixed
AVG-338 1.7.7-1 1.7.8-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2019-13627 AVG-1044 High Yes Private key recovery
A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long- term private key.
CVE-2018-0495 AVG-719 High No Private key recovery
An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel based attacker to recover ECDSA or DSA private...
CVE-2017-7526 AVG-338 High No Private key recovery
The pattern of squarings and multiplications in left-to-right sliding windows in libgcrypt <= 1.7.7 leaks significant information about exponent bits,...
CVE-2017-0379 AVG-402 Medium No Private key recovery
Libgcrypt before 1.8.1 does not properly consider Curve25519 side- channel attacks, which makes it easier for attackers to discover a secret key, related to...


Date Advisory Group Severity Description
16 Jun 2018 ASA-201806-10 AVG-719 High private key recovery
18 Sep 2017 ASA-201709-13 AVG-402 Medium private key recovery
03 Jul 2017 ASA-201707-1 AVG-338 High private key recovery