Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for GnuPG by GNU

    CVE-2015-0837 (GCVE-0-2015-0837)

    Vulnerability from nvd – Published: 2019-11-29 21:10 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    Create a notification for this product.
    GNU GnuPG Affected: before 1.4.19
    Create a notification for this product.
    Date Public
    2012-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/7163050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:10:03.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/7163050"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-0837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/7163050",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/7163050"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0837",
        "datePublished": "2019-11-29T21:10:03.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3591 (GCVE-0-2014-3591)

    Vulnerability from nvd – Published: 2019-11-29 21:02 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    Create a notification for this product.
    GNU GnuPG Affected: before 1.4.19
    Create a notification for this product.
    Date Public
    2012-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:02:23.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3591",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cs.tau.ac.il/~tromer/radioexp/",
                  "refsource": "MISC",
                  "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3591",
        "datePublished": "2019-11-29T21:02:23.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0837 (GCVE-0-2015-0837)

    Vulnerability from cvelistv5 – Published: 2019-11-29 21:10 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    Create a notification for this product.
    GNU GnuPG Affected: before 1.4.19
    Create a notification for this product.
    Date Public
    2012-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/7163050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:10:03.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/7163050"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-0837",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "CONFIRM",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/7163050",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/7163050"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-0837",
        "datePublished": "2019-11-29T21:10:03.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3591 (GCVE-0-2014-3591)

    Vulnerability from cvelistv5 – Published: 2019-11-29 21:02 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    GNU Libgcrypt Affected: before 1.6.3
    Create a notification for this product.
    GNU GnuPG Affected: before 1.4.19
    Create a notification for this product.
    Date Public
    2012-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3184"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3185"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Libgcrypt",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.3"
                }
              ]
            },
            {
              "product": "GnuPG",
              "vendor": "GNU",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.4.19"
                }
              ]
            }
          ],
          "datePublic": "2012-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T21:02:23.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3184"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3185"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3591",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Libgcrypt",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GnuPG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 1.4.19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GNU"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server\u0027s private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cs.tau.ac.il/~tromer/radioexp/",
                  "refsource": "MISC",
                  "url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
                },
                {
                  "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
                  "refsource": "MISC",
                  "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3184",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3184"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3185",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3185"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3591",
        "datePublished": "2019-11-29T21:02:23.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }