CVE-2015-0837: 
Libgcrypt vulnerability analysis and mitigation

CVE-2015-0837 is a security vulnerability discovered in the mpi_powm function of Libgcrypt (versions before 1.6.3) and GnuPG (versions before 1.4.19). The vulnerability was disclosed in early 2015 and affected the modular exponentiation implementation in these cryptographic libraries (NVD, GnuPG Announce).

The vulnerability is related to data-dependent timing variations in the modular exponentiation routine mpi_powm() when accessing its internal pre-computed table. This made the implementation susceptible to a side-channel attack known as a 'Last-Level Cache Side-Channel Attack.' The vulnerability received a CVSS v3.1 base score of 5.9 (Medium) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation. This could potentially lead to the exposure of cryptographic keys or other sensitive cryptographic material (NVD).

The vulnerability was fixed in Libgcrypt version 1.6.3 and GnuPG version 1.4.19. Users are advised to upgrade to these or later versions. The fix involved modifications to the modular exponentiation routine to prevent timing-based side-channel attacks (GnuPG Announce, Debian Advisory).

The vulnerability was discovered by researchers and disclosed responsibly. The GnuPG project acknowledged Yuval Yarum and their team for providing advance information on the cache attack and sample code for the fix. The discovery led to significant updates in both Libgcrypt and GnuPG implementations (GnuPG Announce).