Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.
Information Disclosure
Libgcrypt
Debian Linux
Ubuntu Linux
NVD
CVSS 3.0
2.0
EPSS
0.0%