CVE-2018-9234
https://notcve.org/view.php?id=CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. GnuPG 2.2.4 y 2.2.5 no aplica una configuración en la que la certificación de claves requiere una clave maestra Certify offline. Esto resulta en que certificados aparentemente válidos ocurran solo con acceso a una subclave de firma. • https://dev.gnupg.org/T3844 https://usn.ubuntu.com/3675-1 • CWE-320: Key Management Errors •
CVE-2018-6829
https://notcve.org/view.php?id=CVE-2018-6829
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. cipher/elgamal.c en Libgcrypt hasta la versión 1.8.2, al emplearse para cifrar mensajes directamente, cifra los textos planos indebidamente, lo que permite que atacantes remotos obtengan información sensible mediante la lectura de datos en texto cifrado (p.ej., no tiene seguridad semántica a la hora de enfrentarse a un ataque solo en texto cifrado). La hipótesis DDH (Decisional Diffie-Hellman) no soporta la implementación ElGamal de Libgcrypt. • https://github.com/weikengchen/attack-on-libgcrypt-elgamal https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html https://www.oracle.com/security-alerts/cpujan2020.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2017-0379
https://notcve.org/view.php?id=CVE-2017-0379
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. Libgcrypt en versiones anteriores a la 1.8.1 no considera correctamente ataques de canal lateral Curve25519, lo que facilita que los atacantes descubran una clave secreta relacionada con cipher/ecc.c y mpi/ec.c. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/100503 http://www.securitytracker.com/id/1041294 https://bugs.debian.org/873383 https://eprint.iacr.org/2017/806 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=da780c8183cccc8f533c8ace8211ac2cb2bdee7b https://lists.debian.org/debian-security-announce/2017/msg00221.html https://security-tracker.debian.org/tracker/CVE-2017-0379 https://security.netapp.com/advisory/ntap • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7526
https://notcve.org/view.php?id=CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. libgcrypt en versiones anteriores a la 1.7.8 es vulnerable a un ataque de canal lateral de memoria caché, resultando en una brecha completa de RSA-1024 cuando se utiliza un método left-to-right para procesar la expansión de la ventana deslizante. Se cree que el mismo ataque funciona en RSA-2048 con un nivel de procesamiento moderadamente mayor. Este canal lateral necesita que el atacante pueda ejecutar software arbitrario en el hardware en donde se utiliza la clave privada RSA. • http://www.securityfocus.com/bid/99338 http://www.securitytracker.com/id/1038915 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526 https://eprint.iacr.org/2017/627 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=78130828e9a140a9de4dafadbc844dbb64cb709a https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=8725c99ffa41778f382ca97233183bcd687bb0ce https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=e6a3dc9900433bbc8ad362a595a3837318c28fa9 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVE-2017-9526
https://notcve.org/view.php?id=CVE-2017-9526
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. En Libgcrypt, anterior a versión 1.7.7, un atacante que aprende la clave de sesión EdDSA (de la observación del canal lateral durante el proceso de firma) puede fácilmente recuperar la clave secreta a largo plazo . 1.7.7 haciendo un cambio del archivo cipher/ecc-eddsa.c para almacenar esta clave de sesión en memoria segura, y así garantizar que operaciones puntuales de tiempo constante sean usadas en la biblioteca MPI. • http://www.debian.org/security/2017/dsa-3880 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/99046 https://bugzilla.suse.com/show_bug.cgi?id=1042326 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=5a22de904a0a366ae79f03ff1e13a1232a89e26b https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=f9494b3f258e01b6af8bd3941ce436bcc00afc56 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •