Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2014-5270

Published: 10/10/2014 Updated: 04/11/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Gnupg

Vulnerability Summary

Libgcrypt prior to 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate malicious users to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnupg libgcrypt 1.5.0

gnupg libgcrypt 1.4.6

gnupg libgcrypt

gnupg libgcrypt 1.4.3

gnupg libgcrypt 1.4.0

gnupg libgcrypt 1.4.5

gnupg libgcrypt 1.4.4

gnupg libgcrypt 1.5.2

gnupg libgcrypt 1.5.1

debian debian linux 7.0

Vendor Advisories

Debian Security Advisories: DSA-3024-1 gnupg -- security update
Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys (CVE-2014-5270) In addition, this update hardens GnuPG's behaviour when treating keyserver responses; GnuPG now filters keyserver responses to only accepts those keyid's actually requested by the user For the stable distribution (wheezy), this problem has bee ...
Ubuntu Security Notice: libgcrypt11 vulnerability
Libgcrypt could expose sensitive information when performing decryption ...
Ubuntu Security Notice: gnupg vulnerability
GnuPG could expose sensitive information when performing decryption ...
Ubuntu Security Notice: gnupg, gnupg2 vulnerabilities
Several security issues were fixed in GnuPG ...
Amazon Linux AMI: ALAS-2015-577
Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak (CVE-2015-0837) Fix a side-channel attack which can potentially lead to an information leak (CVE-2014-3591) Libgcrypt before 154, as used in GnuPG and other products, does not properly perform ciphertext nor ...

References

CWE-200http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.htmlhttp://www.cs.tau.ac.il/~tromer/handsoff/http://openwall.com/lists/oss-security/2014/08/16/2http://www.debian.org/security/2014/dsa-3073http://www.debian.org/security/2014/dsa-3024https://nvd.nist.govhttps://www.debian.org/security/./dsa-3024https://usn.ubuntu.com/2339-2/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook