{ "schema_version": "1.4.0", "id": "GHSA-f2v5-c455-qhg2", "modified": "2022-05-13T01:36:18Z", "published": "2022-05-13T01:36:18Z", "aliases": [ "CVE-2017-7526" ], "details": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7526" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526" }, { "type": "WEB", "url": "https://eprint.iacr.org/2017/627" }, { "type": "WEB", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a" }, { "type": "WEB", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce" }, { "type": "WEB", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9" }, { "type": "WEB", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3733-1" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3733-2" }, { "type": "WEB", "url": "https://www.debian.org/security/2017/dsa-3901" }, { "type": "WEB", "url": "https://www.debian.org/security/2017/dsa-3960" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99338" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1038915" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-07-26T13:29:00Z" } }