QwikSec

Security Database

CVE

CWE

Training

CVE-2019-12904

Published: Jun 19, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://dev.gnupg.org/T4541

x_refsource_MISC

https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762

x_refsource_MISC

https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020

x_refsource_MISC

openSUSE-SU-2019:1792

vendor-advisory

x_refsource_SUSE

[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.