vulnerability
Oracle Linux: CVE-2019-13627: ELSA-2020-4482: libgcrypt security, bug fix, and enhancement update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:H/Au:N/C:P/I:P/A:N) | Oct 2, 2019 | Nov 12, 2020 | Dec 3, 2025 |
Severity
3
CVSS
(AV:L/AC:H/Au:N/C:P/I:P/A:N)
Published
Oct 2, 2019
Added
Nov 12, 2020
Modified
Dec 3, 2025
Description
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
A timing attack was found in the way ECCDSA was implemented in libgcrypt. A man-in-the-middle attacker could use this attack during signature generation to recover the private key. This attack is only feasible when the attacker is local to the machine where the signature is being generated. Attacks over the network or via the internet are not feasible.
A timing attack was found in the way ECCDSA was implemented in libgcrypt. A man-in-the-middle attacker could use this attack during signature generation to recover the private key. This attack is only feasible when the attacker is local to the machine where the signature is being generated. Attacks over the network or via the internet are not feasible.
Solutions
oracle-linux-upgrade-libgcryptoracle-linux-upgrade-libgcrypt-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.