CVE-2014-5270

EPSS 0.07%

libgcrypt11 - security update

發布日:2014/10/10修改日:2026/4/28

描述

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

受影響套件(5)

Debian/gnupgfrom 0, < 1.4.10-4+squeeze6
Debian/gnupgfrom 0, < 1.4.12-7+deb7u6
Debian/libgcrypt11from 0, < 1.4.5-2+squeeze2
Debian/libgcrypt11from 0, < 1.5.0-5+deb7u2
Debian/libgcrypt20from 0, < 1.6.0-2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-5270