QwikSec

Security Database

CVE

CWE

Training

CVE-2017-9526

Published: Jun 11, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

x_refsource_CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

x_refsource_CONFIRM

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=5a22de904a0a366ae79f03ff1e13a1232a89e26b

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=f9494b3f258e01b6af8bd3941ce436bcc00afc56

x_refsource_CONFIRM

https://bugzilla.suse.com/show_bug.cgi?id=1042326

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.