CVE-2014-3591
N/A
N/A
Summary
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GNU | Libgcrypt | before 1.6.3 | affected |
| GNU | GnuPG | before 1.4.19 | affected |
Weaknesses
- Other
ADP Enrichment
CVE Program Container
Additional References
- http://www.cs.tau.ac.il/~tromer/radioexp/
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
- http://www.debian.org/security/2015/dsa-3184
- http://www.debian.org/security/2015/dsa-3185
References
- http://www.cs.tau.ac.il/~tromer/radioexp/
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
- http://www.debian.org/security/2015/dsa-3184
- http://www.debian.org/security/2015/dsa-3185
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.