Approved changes feed: RSS · Atom

cpe:2.3:a:gnupg:libgcrypt:1.8.4:*:*:*:*:*:*:*

part: a version: 1.8.4 update: *

VendorGnupg (cf567c2a-c134-5510-af9f-62e22a797e74)
ProductLibgcrypt (5ca46195-6599-5c5c-ab9c-5b3ac10f1932)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/libgcrypt20 purl2cpe 2026-06-01 10:12:44.026961
pkg:deb/ubuntu/libgcrypt20 purl2cpe 2026-06-01 10:12:44.026962
pkg:github/gpg/libgcrypt purl2cpe 2026-06-01 10:12:44.026963
pkg:gitlab/redhat/libgcrypt purl2cpe 2026-06-01 10:12:44.026965
pkg:gnu/libgcrypt purl2cpe 2026-06-01 10:12:44.026966
pkg:rpm/fedora/libgcrypt purl2cpe 2026-06-01 10:12:44.026967
pkg:rpm/opensuse/libgcrypt purl2cpe 2026-06-01 10:12:44.026969
pkg:rpm/opensuse/libgcrypt20 purl2cpe 2026-06-01 10:12:44.026970

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-12904 vulnerable 2026-06-08 05:12:40.631359 Details available
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
Published: 2019-06-19T23:34:13.000Z
Updated: 2024-08-04T23:32:55.633Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.