A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Observable Timing Discrepancy
-
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/libgcrypt20 | deb | debian | 12 | >=1.10.1-3 | Not yet available |
debian/libgcrypt20 | deb | debian | 13 | >=1.10.3-3 | Not yet available |
debian/libgcrypt20 | deb | debian | unstable | >=1.10.3-3 | Not yet available |
debian/libgcrypt20 | deb | debian | 10 | >=1.8.4-5+deb10u1 | Not yet available |
debian/libgcrypt20 | deb | debian | 11 | >=1.8.7-6 | Not yet available |
Severity and metrics
No CVSS data available from this source.
2.2
-