CVE-2015-7511

Published: Apr 19, 2016Modified: May 6, 2026

2.0

Vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.5 / Impact: 1.4

Source: NVD

Description

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

Affected (6)

Products: Gnupg: Libgcrypt · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnupg Libgcrypt	Up to 1.6.4

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html

Source: secalert@redhat.com

http://www.cs.tau.ac.IL/~tromer/ecdh/

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3474

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3478

Source: secalert@redhat.com

http://www.securityfocus.com/bid/83253

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2896-1

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2IL4PAEICHGA2XMQYRY3MIWHM4GMPAG/

Source: secalert@redhat.com

https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html

Source: secalert@redhat.com

Vendor Advisory

https://security.gentoo.org/glsa/201610-04

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html