Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2015-0837
Analyzed
More InfoOfficial Page
Source-security@debian.org
View Known Exploited Vulnerability (KEV) details
Published At-29 Nov, 2019 | 22:15
Updated At-14 Dec, 2019 | 13:59

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
gnupg
gnupg
>>gnupg>>Versions before 1.4.19(exclusive)
cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
gnupg
gnupg
>>libgcrypt>>Versions before 1.6.3(exclusive)
cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-203Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.debian.org/security/2015/dsa-3184security@debian.org
Third Party Advisory
http://www.debian.org/security/2015/dsa-3185security@debian.org
Third Party Advisory
https://ieeexplore.ieee.org/document/7163050security@debian.org
Third Party Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.htmlsecurity@debian.org
Mailing List
Vendor Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.htmlsecurity@debian.org
Mailing List
Vendor Advisory
Change History
0Changes found
Details not found