Ciphertext Normalization and Randomization Vulnerability in Libgcrypt for GnuPG
CVE-2014-5270

Currently unrated

Key Information:

Vendor: Gnupg
Status: Libgcrypt
Vendor: CVE Published:; 10 October 2014

What is CVE-2014-5270?

Libgcrypt, a cryptographic library used in GnuPG and various other products, is susceptible to vulnerabilities due to improper handling of ciphertext normalization and randomization. Attackers in close proximity to a vulnerable system can exploit this weakness through side-channel attacks, such as collecting voltage fluctuations from exposed components, to extract cryptographic keys. This type of vulnerability emphasizes the importance of robust cryptographic implementations to safeguard against physical access threats.

References

http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/00...

mailing-listx_refsource_MLIST

http://www.debian.org/security/2014/dsa-3073

vendor-advisoryx_refsource_DEBIAN

http://openwall.com/lists/oss-security/2014/08/16/2

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2014
Vulnerability Reserved
Aug 15, 2014

CVE-2014-5270 Data

JSON

Gnupg

What is CVE-2014-5270?

References

Timeline