CVE-2017-7526
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
libgcrypt en versiones anteriores a la 1.7.8 es vulnerable a un ataque de canal lateral de memoria caché, resultando en una brecha completa de RSA-1024 cuando se utiliza un método left-to-right para procesar la expansión de la ventana deslizante. Se cree que el mismo ataque funciona en RSA-2048 con un nivel de procesamiento moderadamente mayor. Este canal lateral necesita que el atacante pueda ejecutar software arbitrario en el hardware en donde se utiliza la clave privada RSA.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-05 CVE Reserved
- 2017-07-03 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-310: Cryptographic Issues
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99338 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038915 | Third Party Advisory | |
| https://eprint.iacr.org/2017/627 | Third Party Advisory | |
| https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=78130828e9a140a9de4dafadbc844dbb64cb709a | X_refsource_confirm | |
| https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=8725c99ffa41778f382ca97233183bcd687bb0ce | X_refsource_confirm | |
| https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=e6a3dc9900433bbc8ad362a595a3837318c28fa9 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html | 2023-11-07 | |
| https://usn.ubuntu.com/3733-1 | 2023-11-07 | |
| https://usn.ubuntu.com/3733-2 | 2023-11-07 | |
| https://www.debian.org/security/2017/dsa-3901 | 2023-11-07 | |
| https://www.debian.org/security/2017/dsa-3960 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnupg Search vendor "Gnupg" | Libgcrypt Search vendor "Gnupg" for product "Libgcrypt" | < 1.7.8 Search vendor "Gnupg" for product "Libgcrypt" and version " < 1.7.8" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||