Medium severity 5.9 · NVD Advisory · Published Jun 11, 2017 · Updated May 13, 2026
CVE-2017-9526
Description
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
Affected products (1)
Patches (0)
No patches discovered yet.
References (5)
- bugzilla.suse.com/show_bug.cgi (nvd: Issue Tracking, Patch)
- www.securityfocus.com/bid/99046 (nvd: Third Party Advisory, VDB Entry)
- www.debian.org/security/2017/dsa-3880 (nvd)
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (nvd)
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (nvd)