Debian Security Bug TrackerDEBIANCVE:CVE-2014-3591CVE-2014-3591
4.2 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.4%
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server’s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libgcrypt20 | < 1.6.3-2 | libgcrypt20_1.6.3-2_all.deb |
| Debian | 11 | all | libgcrypt20 | < 1.6.3-2 | libgcrypt20_1.6.3-2_all.deb |
| Debian | 10 | all | libgcrypt20 | < 1.6.3-2 | libgcrypt20_1.6.3-2_all.deb |
| Debian | 999 | all | libgcrypt20 | < 1.6.3-2 | libgcrypt20_1.6.3-2_all.deb |
| Debian | 13 | all | libgcrypt20 | < 1.6.3-2 | libgcrypt20_1.6.3-2_all.deb |
Related
4.2 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.4%