CVE-2017-7526
- Source
- https://cve.org/CVERecord?id=CVE-2017-7526
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7526.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-7526
- Downstream
- Related
- Published
- 2018-07-26T13:29:00.183Z
- Modified
- 2026-04-02T00:15:38.995259Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
- References
-
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=78130828e9a140a9de4dafadbc844dbb64cb709a
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=8725c99ffa41778f382ca97233183bcd687bb0ce
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=e6a3dc9900433bbc8ad362a595a3837318c28fa9
- http://www.securitytracker.com/id/1038915
- https://eprint.iacr.org/2017/627
- https://www.debian.org/security/2017/dsa-3901
- https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
- https://usn.ubuntu.com/3733-1/
- https://usn.ubuntu.com/3733-2/
- https://www.debian.org/security/2017/dsa-3960
- http://www.securityfocus.com/bid/99338
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526
Affected packages
Git / git.gnupg.org/libgcrypt.git
Affected versions
Other
DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
V1-2-2
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws
libgcrypt-1.*
libgcrypt-1.10-base
libgcrypt-1.10.0
libgcrypt-1.10.1
libgcrypt-1.10.2
libgcrypt-1.10.3
libgcrypt-1.11-base
libgcrypt-1.11.0
libgcrypt-1.11.1
libgcrypt-1.11.2
libgcrypt-1.12.0
libgcrypt-1.12.1
libgcrypt-1.2.3
libgcrypt-1.2.4
libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.4.5
libgcrypt-1.4.6
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.5.1
libgcrypt-1.5.2
libgcrypt-1.5.3
libgcrypt-1.5.4
libgcrypt-1.5.5
libgcrypt-1.5.6
libgcrypt-1.6.0
libgcrypt-1.6.1
libgcrypt-1.6.2
libgcrypt-1.6.3
libgcrypt-1.6.4
libgcrypt-1.6.5
libgcrypt-1.6.6
libgcrypt-1.7.0
libgcrypt-1.7.1
libgcrypt-1.7.2
libgcrypt-1.7.3
libgcrypt-1.7.4
libgcrypt-1.7.5
libgcrypt-1.7.6
libgcrypt-1.7.7
libgcrypt-1.8.0
libgcrypt-1.8.1
libgcrypt-1.8.10
libgcrypt-1.8.11
libgcrypt-1.8.12
libgcrypt-1.8.2
libgcrypt-1.8.3
libgcrypt-1.8.4
libgcrypt-1.8.5
libgcrypt-1.8.6
libgcrypt-1.8.7
libgcrypt-1.8.8
libgcrypt-1.8.9
libgcrypt-1.9-base
libgcrypt-1.9.0
libgcrypt-1.9.1
libgcrypt-1.9.2
libgcrypt-1.9.3
libgcrypt-1.9.4
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7526.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]