CVE-2014-3591

4.2MEDIUM

Key Information:

Vendor: Gnu
Status: Libgcrypt; Gnupg
Vendor: CVE Published:; 29 November 2019

Summary

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

Affected Version(s)

GnuPG before 1.4.19

Libgcrypt before 1.6.3

References

http://www.cs.tau.ac.il/~tromer/radioexp/

x_refsource_MISC

https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/0...

x_refsource_MISC

https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/0...

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2019
Vulnerability Reserved
May 14, 2014

.