CVE-2017-7526
PUBLISHED
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 when the left-to-right method is used for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side channel requires that the attacker can run arbitrary software on the hardware where the private RSA key is used.
Risk Scores
- EPSS Score: 2.77% · 86.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | gnupg | 1.4.16-1ubuntu2.1, 1.4.16-1ubuntu2, 1.4.16-1ubuntu1 |
| Ubuntu:16.04:LTS | gnupg | 0, 1.4.18-7ubuntu1, 1.4.19-6ubuntu1 |
| Ubuntu:14.04:LTS | libgcrypt11 | 1.5.0-3ubuntu3, 1.5.3-2ubuntu4.1, 0 |
| Ubuntu:16.04:LTS | libgcrypt20 | 1.6.4-5, 1.6.5-2, 1.6.5-2ubuntu0.2 |
Exploit Intelligence
- TestCommand.yaml (github-poc)
Timeline
- Jun 29, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7526 third-party-advisory
- https://eprint.iacr.org/2017/627 third-party-advisory
- https://ubuntu.com/security/notices/USN-3347-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3347-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-3733-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3733-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7526 third-party-advisory