Date: Fri, 29 Jul 2016 14:19:38 +0530
From: Huzaifa Sidhpurwala <>
        Mitre CVE assign department <>
Subject: CVE Request: nettle's RSA code is vulnerable to cache sharing related

Hi All,

The following whitepaper talks about libgcrypt's RSA code being
vulnerable to a cache timing attack, which the paper claims is fixed in

It seems nettle is also vulnerable to this flaw, which was confirmed by
upstream via:

The above link also contains a proposed patch, which will be committed soon.

I would like to request a CVE id for the flaw in nettle.

Note: the libgcrypt-1.6.3 release notes talk about 2 CVEs being fixed, but
they don't mention this paper at all. (I am going to talk to the
researchers to figure this out.)

Huzaifa Sidhpurwala / Red Hat Product Security Team
