Lucene search
HistoryOct 10, 2014 - 1:55 a.m.
CVE-2014-5270
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0.002
Percentile
54.9%
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
Affected configurations
Node
gnupglibgcryptRange≤1.5.3
ORgnupglibgcryptMatch1.4.0
ORgnupglibgcryptMatch1.4.3
ORgnupglibgcryptMatch1.4.4
ORgnupglibgcryptMatch1.4.5
ORgnupglibgcryptMatch1.4.6
ORgnupglibgcryptMatch1.5.0
ORgnupglibgcryptMatch1.5.1
ORgnupglibgcryptMatch1.5.2
Node
debiandebian_linuxMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gnupg | libgcrypt | * | cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.4.0 | cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.4.3 | cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.4.4 | cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.4.5 | cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.4.6 | cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.5.0 | cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.5.1 | cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:* |
| gnupg | libgcrypt | 1.5.2 | cpe:2.3:a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:* |
| debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2014-5270
2014-08-18 00:00:00
CVE-2013-4576
2013-12-18 00:00:00
prion
prion
Code injection
2014-10-10 01:55:00
Code injection
2013-12-20 21:55:00
debiancve
debiancve
CVE-2014-5270
2014-10-10 01:55:10
cvelist
cvelist
CVE-2014-5270
2014-10-10 01:00:00
CVE-2013-4576
2013-12-20 21:00:00
cve
cve
CVE-2014-5270
2014-10-10 01:55:10
CVE-2013-4576
2013-12-20 21:55:06
openvas
openvas
Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-1750)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2006)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1189)
2020-03-13 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2019-1750)
2019-07-22 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1189)
2020-03-13 00:00:00
EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2205)
2019-11-08 00:00:00
amazon
amazon
Medium: libgcrypt
2015-08-04 17:43:00
Medium: gnupg
2014-01-14 16:18:00
mageia
mageia
Updated libgcrypt packages fix CVE-2014-5270
2014-09-05 13:07:37
Updated gnupg packages fix CVE-2014-5270
2014-09-22 12:31:24
Updated gnupg package fixes CVE-2013-4576
2013-12-20 21:29:34
debian
debian
[SECURITY] [DLA 93-1] libgcrypt11 security update
2014-11-25 09:25:48
[SECURITY] [DSA 3073-1] libgcrypt11 security update
2014-11-16 13:18:08
[SECURITY] [DSA 3024-1] gnupg security update
2014-09-11 20:35:10
gentoo
gentoo
Libgcrypt: Side-channel attack
2014-08-29 00:00:00
securityvulns
securityvulns
GnuPG / libcrypt information leakage
2014-09-15 00:00:00
[USN-2339-1] GnuPG vulnerability
2014-09-15 00:00:00
[USN-2059-1] GnuPG vulnerability
2013-12-23 00:00:00
ubuntu
ubuntu
GnuPG vulnerability
2014-09-03 00:00:00
Libgcrypt vulnerability
2014-09-03 00:00:00
GnuPG vulnerability
2013-12-18 00:00:00
osv
osv
libgcrypt11 - security update
2014-11-16 00:00:00
gnupg - security-update
2014-09-14 00:00:00
libgcrypt11 - security update
2014-11-25 00:00:00
f5
f5
K16396 : GnuPG vulnerability CVE-2013-4576
2015-04-09 00:00:00
SOL16396 - GnuPG vulnerability CVE-2013-4576
2015-04-09 00:00:00
freebsd
freebsd
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
2013-12-18 00:00:00
centos
centos
gnupg security update
2014-01-08 22:53:33
nvd
nvd
CVE-2013-4576
2013-12-20 21:55:06
oraclelinux
oraclelinux
gnupg security update
2014-01-08 00:00:00
slackware
slackware
[slackware-security] gnupg
2013-12-21 19:34:33
redhat
redhat
(RHSA-2014:0016) Moderate: gnupg security update
2014-01-08 00:00:00
veracode
veracode
Side-channel Attack
2019-01-15 08:54:58
fedora
fedora
[SECURITY] Fedora 20 Update: gnupg-1.4.16-2.fc20
2013-12-23 03:48:29
[SECURITY] Fedora 20 Update: gnupg-1.4.17-1.fc20
2014-06-27 02:28:57
[SECURITY] Fedora 20 Update: gnupg-1.4.19-2.fc20
2015-03-14 09:16:09
rosalinux
rosalinux
Advisory ROSA-SA-2021-1870
2021-07-02 17:14:28
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0.002
Percentile
54.9%
Related for NVD:CVE-2014-5270