ALT-PU-2016-1087-1
Closed vulnerabilities
Published: 2016-04-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-7511
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
Severity: LOW (2.0)
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
- openSUSE-SU-2016:1227
- openSUSE-SU-2016:1227
- http://www.cs.tau.ac.IL/~tromer/ecdh/
- http://www.cs.tau.ac.IL/~tromer/ecdh/
- DSA-3474
- DSA-3474
- DSA-3478
- DSA-3478
- 83253
- 83253
- USN-2896-1
- USN-2896-1
- FEDORA-2016-83cd045bcc
- FEDORA-2016-83cd045bcc
- [gnupg-announce] 20160209 [Announce] Libgcrypt 1.6.5 with security fix released
- [gnupg-announce] 20160209 [Announce] Libgcrypt 1.6.5 with security fix released
- GLSA-201610-04
- GLSA-201610-04