Skip to main content

Libgcrypt CVE-2015-7511

LOW
Information Exposure (CWE-200)
2016-04-19 secalert@redhat.com
2.0
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 19, 2016 - 21:59 cve.org
LOW 2.0

DescriptionCVE.org

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

AnalysisAI

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. Affected products include: Gnupg Libgcrypt, Debian Debian Linux, Canonical Ubuntu Linux. Version information: before 1.6.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2018-6829 HIGH POC
7.5 Feb 07

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, whic

CVE-2021-40528 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two c

CVE-2018-0495 MEDIUM POC
4.7 Jun 13

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be

CVE-2017-0379 HIGH
7.5 Aug 29

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers t

CVE-2021-3345 HIGH
7.8 Jan 29

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest

CVE-2021-33560 HIGH
7.5 Jun 08

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to addres

CVE-2026-41989 MEDIUM
6.7 Apr 23

Heap-based buffer overflow in Libgcrypt before 1.12.2 allows local attackers to trigger denial of service and corrupt me

CVE-2017-9526 MEDIUM
5.9 Jun 11

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signin

CVE-2016-6313 MEDIUM
5.3 Dec 13

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.

CVE-2019-12904 MEDIUM
5.9 Jun 20

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical

CVE-2014-5270 LOW
2.1 Oct 10

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciph

CVE-2013-4242 LOW
1.9 Aug 19

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users t

Share

CVE-2015-7511 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy