GnuPG Libgcrypt 1.8.4
Approved changes feed: RSS · Atom
cpe:2.3:a:gnupg:libgcrypt:1.8.4:*:*:*:*:*:*:*
part: a version: 1.8.4 update: *
| Vendor | Gnupg (cf567c2a-c134-5510-af9f-62e22a797e74) |
|---|---|
| Product | Libgcrypt (5ca46195-6599-5c5c-ab9c-5b3ac10f1932) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/libgcrypt20 |
purl2cpe | 2026-06-01 10:12:44.026961 |
pkg:deb/ubuntu/libgcrypt20 |
purl2cpe | 2026-06-01 10:12:44.026962 |
pkg:github/gpg/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.026963 |
pkg:gitlab/redhat/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.026965 |
pkg:gnu/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.026966 |
pkg:rpm/fedora/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.026967 |
pkg:rpm/opensuse/libgcrypt |
purl2cpe | 2026-06-01 10:12:44.026969 |
pkg:rpm/opensuse/libgcrypt20 |
purl2cpe | 2026-06-01 10:12:44.026970 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-12904 |
vulnerable | 2026-06-08 05:12:40.631359 |
Details available
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack
Published: 2019-06-19T23:34:13.000Z
Updated: 2024-08-04T23:32:55.633Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.