gpg/libgcrypt

GitHub

github.com

git.gnupg.org

Releases220

Frequency1 month 2 weeks

Last Release about 2 months ago

Stars272

The GNU crypto library. NOTE: Maintainers are not tracking this mirror. Do not make pull requests here, nor comment any commits, submit them usual way to bug tracker (https://www.gnupg.org/documentation/bts.html) or to the mailing list (https://www.gnupg.org/documentation/mailing-lists.html).

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-13627 ↗	Sep 25, 2019Wednesday, 25 September 2019, 15:15	6.3 MEDIUM	2.6 LOW
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
CVE-2019-12904 ↗	Jun 20, 2019Thursday, 20 June 2019, 00:15	5.9 MEDIUM	4.3 MEDIUM
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack