{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2013-4576: Normalize the MPIs to prevent possible side-channel\n attacks\n- CVE-2014-3591: Use ciphertext blinding for Elgamal to prevent\n possible side-channel attacks\n- CVE-2021-33560: Use of smaller K for ephemeral key in ElGamal\n prevent generation of weak keys\n- CVE-2021-40528: Add exponent blinding as well to mitigate\n side-channel attack on mpi_powm\n- tests: Add a benchmark for Elgamal", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053", "url": "https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos7els/advisories/2023/clsa-2023_1698945053.json" } ], "tracking": { "current_release_date": "2026-05-05T11:27:57Z", "generator": { "date": "2026-05-05T11:27:57Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2023:1698945053", "initial_release_date": "2023-11-02T13:10:55Z", "revision_history": [ { "date": "2023-11-02T13:10:55Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-05T11:27:57Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "libgcrypt: Fix of 4 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 7", "product": { "name": "Community Enterprise Operating System 7", "product_id": "CentOS-7", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64", "product": { "name": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64", "product_id": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libgcrypt-devel@1.5.3-14.el7.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "product": { "name": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "product_id": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libgcrypt@1.5.3-14.el7.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "product": { "name": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "product_id": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libgcrypt-devel@1.5.3-14.el7.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "product": { "name": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "product_id": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libgcrypt@1.5.3-14.el7.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" }, "product_reference": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686" }, "product_reference": "libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64" }, "product_reference": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686" }, "product_reference": "libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4576", "notes": [ { "category": "description", "text": "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2013-4576" }, { "category": "external", "summary": "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html", "url": "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html" }, { "category": "external", "summary": "http://osvdb.org/101170", "url": "http://osvdb.org/101170" }, { "category": "external", "summary": "http://rhn.redhat.com/errata/RHSA-2014-0016.html", "url": "http://rhn.redhat.com/errata/RHSA-2014-0016.html" }, { "category": "external", "summary": "http://seclists.org/oss-sec/2013/q4/520", "url": "http://seclists.org/oss-sec/2013/q4/520" }, { "category": "external", "summary": "http://seclists.org/oss-sec/2013/q4/523", "url": "http://seclists.org/oss-sec/2013/q4/523" }, { "category": "external", "summary": "http://www.cs.tau.ac.il/~tromer/acoustic/", "url": "http://www.cs.tau.ac.il/~tromer/acoustic/" }, { "category": "external", "summary": "http://www.debian.org/security/2013/dsa-2821", "url": "http://www.debian.org/security/2013/dsa-2821" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/64424", "url": "http://www.securityfocus.com/bid/64424" }, { "category": "external", "summary": "http://www.securitytracker.com/id/1029513", "url": "http://www.securitytracker.com/id/1029513" }, { "category": "external", "summary": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf", "url": "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf" }, { "category": "external", "summary": "http://www.ubuntu.com/usn/USN-2059-1", "url": "http://www.ubuntu.com/usn/USN-2059-1" }, { "category": "external", "summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846" } ], "release_date": "2013-12-20T21:55:00Z", "remediations": [ { "category": "vendor_fix", "date": "2023-11-02T13:10:55Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053", "product_ids": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2021-40528", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "notes": [ { "category": "description", "text": "The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-40528" }, { "category": "external", "summary": "https://eprint.iacr.org/2021/923", "url": "https://eprint.iacr.org/2021/923" }, { "category": "external", "summary": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320", "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=3462280f2e23e16adf3ed5176e0f2413d8861320" }, { "category": "external", "summary": "https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1", "url": "https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1" }, { "category": "external", "summary": "https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2", "url": "https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202210-13", "url": "https://security.gentoo.org/glsa/202210-13" } ], "release_date": "2021-09-06T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2023-11-02T13:10:55Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053", "product_ids": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2014-3591", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2014-3591" }, { "category": "external", "summary": "http://www.cs.tau.ac.il/~tromer/radioexp/", "url": "http://www.cs.tau.ac.il/~tromer/radioexp/" }, { "category": "external", "summary": "http://www.debian.org/security/2015/dsa-3184", "url": "http://www.debian.org/security/2015/dsa-3184" }, { "category": "external", "summary": "http://www.debian.org/security/2015/dsa-3185", "url": "http://www.debian.org/security/2015/dsa-3185" }, { "category": "external", "summary": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html" }, { "category": "external", "summary": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html" } ], "release_date": "2019-11-29T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2023-11-02T13:10:55Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053", "product_ids": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2021-33560", "cwe": { "id": "CWE-203", "name": "Observable Discrepancy" }, "notes": [ { "category": "description", "text": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-33560" }, { "category": "external", "summary": "https://dev.gnupg.org/T5305", "url": "https://dev.gnupg.org/T5305" }, { "category": "external", "summary": "https://dev.gnupg.org/T5328", "url": "https://dev.gnupg.org/T5328" }, { "category": "external", "summary": "https://dev.gnupg.org/T5466", "url": "https://dev.gnupg.org/T5466" }, { "category": "external", "summary": "https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61", "url": "https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202210-13", "url": "https://security.gentoo.org/glsa/202210-13" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2022.html", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujul2022.html", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2021.html", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "release_date": "2021-06-08T11:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2023-11-02T13:10:55Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053", "product_ids": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2023:1698945053" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-0:1.5.3-14.el7.tuxcare.els1.x86_64", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.i686", "CentOS-7:libgcrypt-devel-0:1.5.3-14.el7.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }