CVE-2013-4576
gnupg: RSA secret key recovery via acoustic cryptanalysis
Severity Score
4.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
GnuPG 1.x anteriores a 1.4.16 genera claves RSA utilizando secuencias de introducciones con ciertos patrones que introducen un ataque de canal lateral, lo cual permite a atacantes físicamente próximos extraer claves RSA a través de un ataque de texto cifrado elegido y criptoanálisis acústico durante el descifrado. NOTA: normalmente no se espera de las aplicaciones que se protejan ante ataques laterales acústicos, dado que esto es responsabilidad del dispositivo físico. De esta manera, problemas de este tipo no recibirán normalmente un identificador CVE. En cualquier caso, para este problema, el desarrollador a especificado una política de seguridad en la cual GnuPG debería ofrecer resistencia ante cnales laterales, y violaciones de políticas de seguridad específicas para los desarrolladores están dentro del ámbito de CVE.
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target system that is decrypting ciphertexts could possibly use this flaw to recover the RSA secret key from that system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-12-19 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/101170 | Vdb Entry | |
| http://seclists.org/oss-sec/2013/q4/520 | Mailing List |
|
| http://seclists.org/oss-sec/2013/q4/523 | Mailing List |
|
| http://www.cs.tau.ac.il/~tromer/acoustic | X_refsource_misc | |
| http://www.securityfocus.com/bid/64424 | Vdb Entry | |
| http://www.securitytracker.com/id/1029513 | Vdb Entry | |
| http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89846 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html | 2017-08-29 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0016.html | 2017-08-29 | |
| http://www.debian.org/security/2013/dsa-2821 | 2017-08-29 | |
| http://www.ubuntu.com/usn/USN-2059-1 | 2017-08-29 | |
| https://access.redhat.com/security/cve/CVE-2013-4576 | 2014-01-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1043327 | 2014-01-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | <= 1.4.15 Search vendor "Gnupg" for product "Gnupg" and version " <= 1.4.15" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.0 Search vendor "Gnupg" for product "Gnupg" and version "1.0.0" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.1 Search vendor "Gnupg" for product "Gnupg" and version "1.0.1" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.2 Search vendor "Gnupg" for product "Gnupg" and version "1.0.2" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.3 Search vendor "Gnupg" for product "Gnupg" and version "1.0.3" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.4 Search vendor "Gnupg" for product "Gnupg" and version "1.0.4" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.4 Search vendor "Gnupg" for product "Gnupg" and version "1.0.4" | win32 |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.5 Search vendor "Gnupg" for product "Gnupg" and version "1.0.5" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.5 Search vendor "Gnupg" for product "Gnupg" and version "1.0.5" | win32 |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.6 Search vendor "Gnupg" for product "Gnupg" and version "1.0.6" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.0.7 Search vendor "Gnupg" for product "Gnupg" and version "1.0.7" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.0 Search vendor "Gnupg" for product "Gnupg" and version "1.2.0" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.1 Search vendor "Gnupg" for product "Gnupg" and version "1.2.1" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.1 Search vendor "Gnupg" for product "Gnupg" and version "1.2.1" | windows |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.2 Search vendor "Gnupg" for product "Gnupg" and version "1.2.2" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.3 Search vendor "Gnupg" for product "Gnupg" and version "1.2.3" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.4 Search vendor "Gnupg" for product "Gnupg" and version "1.2.4" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.5 Search vendor "Gnupg" for product "Gnupg" and version "1.2.5" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.6 Search vendor "Gnupg" for product "Gnupg" and version "1.2.6" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.2.7 Search vendor "Gnupg" for product "Gnupg" and version "1.2.7" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.0 Search vendor "Gnupg" for product "Gnupg" and version "1.3.0" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.1 Search vendor "Gnupg" for product "Gnupg" and version "1.3.1" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.2 Search vendor "Gnupg" for product "Gnupg" and version "1.3.2" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.3 Search vendor "Gnupg" for product "Gnupg" and version "1.3.3" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.4 Search vendor "Gnupg" for product "Gnupg" and version "1.3.4" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.6 Search vendor "Gnupg" for product "Gnupg" and version "1.3.6" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.90 Search vendor "Gnupg" for product "Gnupg" and version "1.3.90" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.91 Search vendor "Gnupg" for product "Gnupg" and version "1.3.91" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.92 Search vendor "Gnupg" for product "Gnupg" and version "1.3.92" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.3.93 Search vendor "Gnupg" for product "Gnupg" and version "1.3.93" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4 Search vendor "Gnupg" for product "Gnupg" and version "1.4" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.0 Search vendor "Gnupg" for product "Gnupg" and version "1.4.0" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.2 Search vendor "Gnupg" for product "Gnupg" and version "1.4.2" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.3 Search vendor "Gnupg" for product "Gnupg" and version "1.4.3" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.4 Search vendor "Gnupg" for product "Gnupg" and version "1.4.4" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.5 Search vendor "Gnupg" for product "Gnupg" and version "1.4.5" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.6 Search vendor "Gnupg" for product "Gnupg" and version "1.4.6" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.8 Search vendor "Gnupg" for product "Gnupg" and version "1.4.8" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.10 Search vendor "Gnupg" for product "Gnupg" and version "1.4.10" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.11 Search vendor "Gnupg" for product "Gnupg" and version "1.4.11" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.12 Search vendor "Gnupg" for product "Gnupg" and version "1.4.12" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.13 Search vendor "Gnupg" for product "Gnupg" and version "1.4.13" | - |
Affected
| ||||||
| Gnupg Search vendor "Gnupg" | Gnupg Search vendor "Gnupg" for product "Gnupg" | 1.4.14 Search vendor "Gnupg" for product "Gnupg" and version "1.4.14" | - |
Affected
| ||||||