Users login

Create an account »

JOIN XATRIX

Users login

Home » CVE Vulnerabilities » CVE-2017-9526

CVE-2017-9526 In Libgcrypt before 1.7.7, an attacker

  • CVE ID: CVE-2017-9526
  • Vendors:
  • Date: June 10, 2017
  • Severity:
  • Impact score: 0.00
  • Exploit score: 0.00

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »