CVE-2014-3591

Published: 29/11/2019 Updated: 05/12/2019
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.2 | Impact Score: 3.6 | Exploitability Score: 0.5
VMScore: 170
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate malicious users to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
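The mitigation named in the summary, ciphertext blinding, as an added example (not code from Libgcrypt or GnuPG): the secret exponent is never applied to the attacker-supplied value itself, only to that value multiplied by a fresh random factor. Multiplicative blinding is one common construction and is assumed here; the toy parameters `P` and `G` and all function names are constructed for illustration.

```python
import secrets

# Constructed toy parameters, far too small for real use.
P = 2**127 - 1   # a known Mersenne prime
G = 3            # base used for key generation and encryption

def keygen():
    """Return (private x, public y = G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def encrypt(y, m):
    """Textbook Elgamal: ciphertext is (a, b) = (G^k, m * y^k)."""
    k = secrets.randbelow(P - 3) + 2
    return pow(G, k, P), (m * pow(y, k, P)) % P

def decrypt_unblinded(x, a, b):
    """Pre-fix behaviour: the secret exponent x is applied directly
    to the ciphertext component a, which the sender chooses."""
    s = pow(a, x, P)
    return (b * pow(s, -1, P)) % P

def blind(a, r):
    """Value actually fed to the secret-exponent operation."""
    return (a * r) % P

def decrypt_blinded(x, a, b, r=None):
    """Blinded decryption: exponentiate a*r instead of a, then remove
    the blinding with r^x. Uses a^-x = r^x * ((a*r)^x)^-1 mod P."""
    if not (0 < a < P and 0 <= b < P):
        raise ValueError("ciphertext component out of range")
    if r is None:
        r = secrets.randbelow(P - 1) + 1      # fresh r in [1, P-1] per call
    s_blind = pow(blind(a, r), x, P)          # (a*r)^x, base unknown to sender
    unblind = pow(r, x, P)                    # r^x, independent of the ciphertext
    return (b * unblind * pow(s_blind, -1, P)) % P

if __name__ == "__main__":
    x, y = keygen()
    a, b = encrypt(y, 0xC0FFEE)
    print(hex(decrypt_unblinded(x, a, b)), hex(decrypt_blinded(x, a, b)))
```

The blinded path performs two modular exponentiations with the private exponent instead of one, which is the kind of cost behind the performance note in the vendor advisories.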

Vulnerable Product

gnupg gnupg

gnupg libgcrypt

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Several security issues were fixed in Libgcrypt ...
Several security issues were fixed in GnuPG ...
Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgamal decryption performance. CVE-201 ...
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591: The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgamal decryption p ...
Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak (CVE-2015-0837). Fix a side-channel attack which can potentially lead to an information leak (CVE-2014-3591). Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext nor ...