CVE-2017-9526
Severity: MEDIUM
Libgcrypt < 1.7.7 - EdDSA Long-Term Secret Key Exposure via Session Key Leak
Title source: llmDescription
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (for example through side-channel observation during the signing process) can easily recover the long-term secret key. Version 1.7.7 changes cipher/ecc-eddsa.c to store this session key in secure memory, which ensures that the MPI library uses constant-time point operations on it.
References (7)

Vendor Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Vendor Advisory (x_refsource_confirm): https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Various Sources (x_refsource_confirm): https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=5a22de904a0a366ae79f03ff1e13a1232a89e26b
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/99046
Various Sources (x_refsource_confirm): https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=f9494b3f258e01b6af8bd3941ce436bcc00afc56
Issue Tracking, Patch (x_refsource_confirm): https://bugzilla.suse.com/show_bug.cgi?id=1042326
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2017/dsa-3880
Scores

CVSS v3: 5.9
EPSS: 0.0232
EPSS Percentile: 81.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details

CWE: CWE-200
Status: published
Products (1): gnupg/libgcrypt < 1.7.6
Published: Jun 11, 2017
Tracked Since: Feb 18, 2026