CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*

Information

Published : 2017-06-10 19:29

Updated : 2019-01-16 11:29


NVD link : CVE-2017-9526

Mitre link : CVE-2017-9526


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

gnupg

  • libgcrypt