Search CVE reports
21 – 23 of 23 results
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might...
10 affected packages
openssl, mbedtls, openssl098, bouncycastle, gnutls26...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | Not affected |
| mbedtls | — | — | — | — | Not affected |
| openssl098 | — | — | — | — | Not in release |
| bouncycastle | — | — | — | — | Not affected |
| gnutls26 | — | — | — | — | Not in release |
| gnutls28 | — | — | — | — | Not affected |
| libgcrypt11 | — | — | — | — | Not in release |
| nss | — | — | — | — | Not affected |
| polarssl | — | — | — | — | Not in release |
| python-crypto | — | — | — | — | Not affected |
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
2 affected packages
gnupg, libgcrypt11
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gnupg | — | — | — | — | — |
| libgcrypt11 | — | — | — | — | — |
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for...
1 affected package
libgc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libgc | — | — | — | — | — |