CVE-2019-12904
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
** EN DISPUTA ** En Libgcrypt versión 1.8.4, la implementación en C de AES es vulnerable a un ataque de canal lateral de descarga y recarga porque las direcciones físicas están disponibles para otros procesos. (La implementación en C se usa en plataformas donde una implementación en lenguaje ensamblador no está disponible). NOTA: la posición del vendedor es que el informe de emisión no puede ser validado porque no hay descripción de un ataque
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-06-19 CVE Reserved
- 2019-06-19 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://dev.gnupg.org/T4541 | Third Party Advisory | |
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020 | 2024-05-17 | |
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762 | 2024-05-17 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html | 2024-05-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gnupg Search vendor "Gnupg" | Libgcrypt Search vendor "Gnupg" for product "Libgcrypt" | 1.8.4 Search vendor "Gnupg" for product "Libgcrypt" and version "1.8.4" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
|