Home » CVE Vulnerabilities » CVE-2017-9526
CVE-2017-9526 In Libgcrypt before 1.7.7, an attacker
- CVE ID: CVE-2017-9526
- Vendors:
- Date: June 10, 2017
- Severity:
- Impact score: 0.00
- Exploit score: 0.00
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.