{"id":"UBUNTU-CVE-2017-9526","details":"In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. Version 1.7.7 changes cipher/ecc-eddsa.c to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. For the Ubuntu package listed under affected, the fixed version is 1.6.5-2ubuntu0.3, so check the installed package version against that value rather than against upstream 1.7.7.","modified":"2026-02-04T02:26:40.248036Z","published":"2017-06-10T00:00:00Z","related":["USN-3347-1"],"upstream":["CVE-2017-9526"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9526"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3347-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-9526"}],"affected":[{"package":{"name":"libgcrypt20","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libgcrypt20@1.6.5-2ubuntu0.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.5-2ubuntu0.3"}]}],"versions":["1.6.3-2ubuntu1","1.6.4-3","1.6.4-4","1.6.4-5","1.6.5-2","1.6.5-2ubuntu0.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libgcrypt11-dev","binary_version":"1.5.4-3+really1.6.5-2ubuntu0.3"},{"binary_name":"libgcrypt20","binary_version":"1.6.5-2ubuntu0.3"},{"binary_name":"libgcrypt20-dev","binary_version":"1.6.5-2ubuntu0.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-9526.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]}