Overview
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Versions affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
CVSS Score
6.3 (medium severity)
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: None
- CVE: CVE-2019-13627
- CWE: CWE-362
- Snyk ID: SNYK-UBUNTU1804-LIBGCRYPT20-467122
- Disclosed: 25 Sep, 2019
- Published: 29 Aug, 2019