Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libgcrypt
(Gnupg)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-10-09 | CVE-2014-5270 | Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. | Debian_linux, Libgcrypt | N/A | ||
| 2013-08-19 | CVE-2013-4242 | GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. | Ubuntu_linux, Debian_linux, Gnupg, Libgcrypt, Opensuse | N/A |