Vulnerabilities (CVE)

Filtered by vendor Gnupg Subscribe

Filtered by product Libgcrypt

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2013-4242	4 Canonical, Debian, Gnupg and 1 more	5 Ubuntu Linux, Debian Linux, Gnupg and 2 more	2018-10-30	1.9 LOW	N/A
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
CVE-2014-5270	2 Debian, Gnupg	2 Debian Linux, Libgcrypt	2017-11-04	2.1 LOW	N/A
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.