QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4576

Published: Dec 20, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_OSVDB

[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

gunpg-cve20134576-info-disclosure(89846)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

x_refsource_MISC

[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)

mailing-list

x_refsource_MLIST

http://www.cs.tau.ac.il/~tromer/acoustic/

x_refsource_MISC

[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.