Cryptographic Issues in libgcrypt20

Do your applications use this vulnerable package? Test your applications

Overview

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)

References

CVE Details
Debian Security Tracker
GitHub Commit
GitHub Commit
MISC
MLIST
OpenSuse Security Announcement
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

None

CVE: CVE-2019-12904
CWE: CWE-310
Snyk ID: SNYK-DEBIAN10-LIBGCRYPT20-450771
Disclosed: 20 Jun, 2019
Published: 23 Jun, 2019

Cryptographic Issues
Affecting libgcrypt20 package, versions *

Overview

References

CVSS Score

Cryptographic Issues Affecting libgcrypt20 package, versions *

Overview

References

Cryptographic Issues
Affecting libgcrypt20 package, versions *