← Back

CVE-2019-13627

nvd nist
Published: Sep 25, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.3
Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 1.0 / Impact: 5.2
Source: NVD

Description

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

Affected (11)

Canonical
1 product
Ubuntu Linux
Opensuse
1 product
Leap
Libgcrypt20 Project
1 product
Libgcrypt20
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.04
Ubuntu Linux
Version 19.10
Opensuse
Leap
Version 15.0
Leap
Version 15.1
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Libgcrypt20
Version 1.6.3-2+deb8u4
Running on/withPlatform Versions
Debian
Debian Linux
Version 8.0
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Libgcrypt20
Version 1.7.6-2+deb9u3
Running on/withPlatform Versions
Debian
Debian Linux
Version 9.0
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Libgcrypt20
Version 1.8.4-5
Running on/withPlatform Versions
Debian
Debian Linux
Version 10.0

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (24)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.