CVE-2014-5270

Published Oct 10, 2014

Last updated 7 years ago

Overview

Description: Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B83822B-BC72-455D-A350-7DC9545E14A9",
            "versionEndIncluding": "1.5.3"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AE9E5CD-F6F8-4208-ACD2-5E2E88660A01"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "128317AB-E441-47E3-BE5C-86C0D9C267E1"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C7509E7-9DF3-42AC-A538-A1BE675253BF"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAFA68DC-FFA3-4538-8082-93588CCB44D7"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FEEF3D2-57D5-4E33-8856-B7A859ADD453"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73E283C1-F1AE-4D29-A683-B5C5503133EC"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7AEF669-B7AA-425A-988A-9F858937EC76"
          },
          {
            "criteria": "cpe:2.3:a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67D0DD4C-9A2C-4B41-BA83-E7492EF8D434"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References