vulnerability
Oracle Linux: CVE-2019-13627: ELSA-2020-4482: libgcrypt security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:N/C:C/I:C/A:N) | 2019-10-02 | 2020-11-12 | 2024-11-29 |
Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:N)
Published
2019-10-02
Added
2020-11-12
Modified
2024-11-29
Description
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
A timing attack was found in the way ECCDSA was implemented in libgcrypt. A man-in-the-middle attacker could use this attack during signature generation to recover the private key. This attack is only feasible when the attacker is local to the machine where the signature is being generated. Attacks over the network or via the internet are not feasible.
A timing attack was found in the way ECCDSA was implemented in libgcrypt. A man-in-the-middle attacker could use this attack during signature generation to recover the private key. This attack is only feasible when the attacker is local to the machine where the signature is being generated. Attacks over the network or via the internet are not feasible.
Solution(s)
oracle-linux-upgrade-libgcryptoracle-linux-upgrade-libgcrypt-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.