Page 3 of 13 results (0.007 seconds)

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." La función mpi_powm en Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, permite a atacantes obtener información confidencial mediante el aprovechamiento de las diferencias de tiempo al acceder a una tabla precalculada durante una exponenciación modular, relacionada con un "Last-Level Cache Side-Channel Attack". • http://www.debian.org/security/2015/dsa-3184 http://www.debian.org/security/2015/dsa-3185 https://ieeexplore.ieee.org/document/7163050 https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html • CWE-203: Observable Discrepancy •

CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. Libgcrypt anterior a 1.5.4, utilizado en GnuPG y otros productos, no realiza debidamente la normalización y aleatorización de texto cifrado, lo que facilita a atacantes físicamente próximos realizar ataques de extracción de claves mediante el aprovechamiento de la habilidad de recoger datos de voltaje del metal expuesto, un vector deferente a CVE-2013-4576. • http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html http://openwall.com/lists/oss-security/2014/08/16/2 http://www.cs.tau.ac.il/~tromer/handsoff http://www.debian.org/security/2014/dsa-3024 http://www.debian.org/security/2014/dsa-3073 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 1.9EPSS: 0%CPEs: 96EXPL: 0

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 http://eprint.iacr.org/2013/448 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1457.html http://secunia.com/advisories/54318 http://secunia.com/advisories/54321 http://secunia.com/advisories/54332 http://secunia.com/advisories/54375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •