Vulnerability Details : CVE-2013-4576
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
Products affected by CVE-2013-4576
- cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4576
0.18%: Probability of exploitation activity in the next 30 days
~ 54 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4576
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2013-4576
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4576
- http://www.securityfocus.com/bid/64424
  GnuPG RSA Key Extraction Information Disclosure Vulnerability
- http://www.debian.org/security/2013/dsa-2821
  Debian -- Security Information -- DSA-2821-1 gnupg
- http://rhn.redhat.com/errata/RHSA-2014-0016.html
  RHSA-2014:0016 - Security Advisory - Red Hat Customer Portal
- http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf
- http://www.cs.tau.ac.il/~tromer/acoustic/
  Acoustic cryptanalysis
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89846
  GnuPG RSA Key Extraction information disclosure CVE-2013-4576 Vulnerability Report
- http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html
  [Announce] [security fix] GnuPG 1.4.16 released (Patch; Vendor Advisory)
- http://www.securitytracker.com/id/1029513
  GnuPG Acoustic Side-Channel Attack Lets Local Users Recover RSA Secret Keys - SecurityTracker
- http://www.ubuntu.com/usn/USN-2059-1
  USN-2059-1: GnuPG vulnerability | Ubuntu security notices
- http://seclists.org/oss-sec/2013/q4/520
  oss-sec: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)
- http://seclists.org/oss-sec/2013/q4/523
  oss-sec: Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)