Vulnerability Details : CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Vulnerability category: Information leak
Products affected by CVE-2014-3591
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3591
- 0.13%: Probability of exploitation activity in the next 30 days
- ~49%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3591
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N | 3.4 | 2.9 | NIST | |
4.2 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.5 | 3.6 | NIST | |
CWE ids for CVE-2014-3591
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3591
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
  [Announce] Libgcrypt 1.6.3 released (with SCA fix) (Patch; Vendor Advisory)
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
  [Announce] GnuPG 1.4.19 released (with SCA fix) (Patch; Release Notes; Vendor Advisory)
- http://www.debian.org/security/2015/dsa-3185
  Debian -- Security Information -- DSA-3185-1 libgcrypt11 (Third Party Advisory)
- http://www.cs.tau.ac.il/~tromer/radioexp/
  Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (Third Party Advisory)
- http://www.debian.org/security/2015/dsa-3184
  Debian -- Security Information -- DSA-3184-1 gnupg (Third Party Advisory)