QwikSec

Security Database

CVE

CWE

Training

CVE-2014-3591

Published: Nov 29, 2019

Modified: Aug 6, 2024

PUBLISHED

Description

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

Vendor	Product	Versions
GNU	Libgcrypt	affected `before 1.6.3`
GNU	GnuPG	affected `before 1.4.19`

References

http://www.cs.tau.ac.il/~tromer/radioexp/

x_refsource_MISC

https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html

x_refsource_MISC

https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html

x_refsource_MISC

http://www.debian.org/security/2015/dsa-3184

x_refsource_MISC

http://www.debian.org/security/2015/dsa-3185

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.