What is CVE-2015-7511?

CVE-2015-7511 is a low-severity vulnerability in Gnupg Libgcrypt, classified under Information Disclosure. CVSS score: 2.0/10. Published 2016-04-19.

How severe is CVE-2015-7511?

Low severity. CVSS v3 base score is 2.0 out of 10.

Information disclosure in Gnupg Libgcrypt

CVE-2015-7511

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.

Vulnerability class: Information Disclosure

EPSS: 0.001 (20.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.0 (Low). Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Gnupg Libgcrypt
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.10
Debian Debian_linux — versions 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

DSA-3478 (vendor-advisory, x_refsource_DEBIAN)
USN-2896-1 (x_refsource_UBUNTU, vendor-advisory)
GLSA-201610-04 (vendor-advisory, x_refsource_GENTOO)
[gnupg-announce] 20160209 [Announce] Libgcrypt 1.6.5 with security fix released (Vendor Advisory, mailing-list, x_refsource_MLIST)
DSA-3474 (vendor-advisory, x_refsource_DEBIAN)
83253 (vdb-entry, x_refsource_BID)
FEDORA-2016-83cd045bcc (x_refsource_FEDORA, vendor-advisory)
openSUSE-SU-2016:1227 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-7511?: CVE-2015-7511 is a low-severity vulnerability in Gnupg Libgcrypt, classified under Information Disclosure. CVSS score: 2.0/10. Published 2016-04-19.
How severe is CVE-2015-7511?: Low severity. CVSS v3 base score is 2.0 out of 10.