Vulnerability Details : CVE-2017-0379
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
Vulnerability category: Information leak
Products affected by CVE-2017-0379
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0379
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0379
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-0379
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-0379
-
https://bugs.debian.org/873383
#873383 - libgcrypt20: CVE-2017-0379: side-channel attack on Curve25519 - Debian Bug report logsIssue Tracking;Third Party Advisory
-
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b
git.gnupg.org Git - libgcrypt.git/commitIssue Tracking;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/100503
libgcrypt CVE-2017-0379 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Oracle Critical Patch Update - January 2019
-
https://security-tracker.debian.org/tracker/CVE-2017-0379
CVE-2017-0379Patch;Third Party Advisory
-
https://lists.debian.org/debian-security-announce/2017/msg00221.html
[SECURITY] [DSA 3959-1] libgcrypt20 security updateMailing List;Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20180726-0002/
July 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product Security
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018
-
https://eprint.iacr.org/2017/806
Cryptology ePrint Archive: Report 2017/806 - May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519Mailing List;Third Party Advisory
-
https://www.debian.org/security/2017/dsa-3959
Debian -- Security Information -- DSA-3959-1 libgcrypt20Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1041294
MySQL Multiple Flaws Let Remote Users Access and Gain Elevated Privileges, Remote Authenticated and Local Users Deny Service, and Remote Authenticated Users Modify Data - SecurityTracker
Jump to