2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal
encryption subkeys in applications using the libgcrypt11 library, for
example GnuPG 2.x, could be leaked via a side-channel attack (see
<http://www.cs.tau.ac.il/~tromer/handsoff/>).
This is fixed in Squeeze in version 1.4.5-2+squeeze2.
CPE | Name | Operator | Version |
---|---|---|---|
libgcrypt11 | eq | 1.4.5-2+squeeze1 | |
libgcrypt11 | eq | 1.4.5-2 |