CVE-2017-7526

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2017-7526
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2018-07-26 13:29:00 UTC
Updated2023-11-07 02:50:00 UTC
Descriptionlibgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Risk And Classification

Problem Types: CWE-310

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Canonical Ubuntu Linux 12.04 All All All
Operating System Canonical Ubuntu Linux 14.04 All All All
Operating System Canonical Ubuntu Linux 16.04 All All All
Operating System Canonical Ubuntu Linux 12.04 All All All
Operating System Canonical Ubuntu Linux 14.04 All All All
Operating System Canonical Ubuntu Linux 16.04 All All All
Operating System Debian Debian Linux 8.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Debian Debian Linux 8.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Application Gnupg Libgcrypt All All All All
Application Gnupg Libgcrypt All All All All

References

ReferenceSourceLinkTags
Cryptology ePrint Archive: Report 2017/627 MISC eprint.iacr.org Third Party Advisory
git.gnupg.org Git - libgcrypt.git/commit CONFIRM git.gnupg.org Patch, Vendor Advisory
git.gnupg.org Git - libgcrypt.git/commit CONFIRM git.gnupg.org Patch, Vendor Advisory
Debian -- Security Information -- DSA-3901-1 libgcrypt20 DEBIAN www.debian.org Third Party Advisory
git.gnupg.org Git - libgcrypt.git/commit git.gnupg.org
USN-3733-1: GnuPG vulnerability | Ubuntu security notices UBUNTU usn.ubuntu.com Third Party Advisory
git.gnupg.org Git - libgcrypt.git/commit CONFIRM git.gnupg.org Patch, Vendor Advisory
USN-3733-2: GnuPG vulnerability | Ubuntu security notices UBUNTU usn.ubuntu.com Third Party Advisory
git.gnupg.org Git - libgcrypt.git/commit git.gnupg.org
1466265 – (CVE-2017-7526) CVE-2017-7526 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery CONFIRM bugzilla.redhat.com Issue Tracking, Patch, Third Party Advisory
git.gnupg.org Git - libgcrypt.git/commit git.gnupg.org
[Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526 MLIST lists.gnupg.org Mailing List, Vendor Advisory
Libgcrypt CVE-2017-7526 Information Disclosure Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
Debian -- Security Information -- DSA-3960-1 gnupg DEBIAN www.debian.org Third Party Advisory
Libgcrypt RSA-1024 Sliding-Window Expansion Side Channel Attack Lets Remote Users Recover Keys Used by the Target System in Certain Cases - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 500359 Alpine Linux Security Update for gnupg1
  • 671105 EulerOS Security Update for libgcrypt (EulerOS-SA-2019-2205)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report