Information Disclosure

2019-01-1509:01:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

JSON

libgcrypt is vulnerable to information disclosure attacks. The vulnerability exists as GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

CPENameOperatorVersion
libgcrypteq1.4.5__3.el6
libgcrypteq1.2.4__1.el5
libgcrypteq1.4.4__5.el5_8.2
libgcrypteq1.4.5__5.el6
libgcrypteq1.4.5__9.el6
libgcrypteq1.4.5__5.el6_1.1
libgcrypteq1.4.5__5.el6_1.2
libgcrypteq1.4.4__5.el5
libgcrypteq1.4.5__9.el6_2.2
gnupgeq1.4.5__14.el5_5.1

Name	Operator	Version
libgcrypt	eq	1.4.5__3.el6
libgcrypt	eq	1.2.4__1.el5
libgcrypt	eq	1.4.4__5.el5_8.2
libgcrypt	eq	1.4.5__5.el6
libgcrypt	eq	1.4.5__9.el6
libgcrypt	eq	1.4.5__5.el6_1.1
libgcrypt	eq	1.4.5__5.el6_1.2
libgcrypt	eq	1.4.4__5.el5
libgcrypt	eq	1.4.5__9.el6_2.2
gnupg	eq	1.4.5__14.el5_5.1