CVE-2015-0837

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-0837
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

5.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.debian.org/security/2015/dsa-3185 Third Party Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html Mailing List Vendor Advisory
https://ieeexplore.ieee.org/document/7163050 Third Party Advisory
http://www.debian.org/security/2015/dsa-3184 Third Party Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html Mailing List Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Information

Published : 2019-11-29 14:15

Updated : 2019-12-14 05:59

NVD link : CVE-2015-0837

Mitre link : CVE-2015-0837

JSON object : View

CWE
CWE-203

Observable Discrepancy

Advertisement

dedicated server usa
Products Affected

debian

  • debian_linux

gnupg

  • libgcrypt
  • gnupg