CVE-2013-4242 Information

Feb 14, 2021 cve

Description

GnuPG before 1.4.14 and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache aka Flush+Reload.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 http://eprint.iacr.org/2013/448 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1457.html http://secunia.com/advisories/54318 http://secunia.com/advisories/54321 http://secunia.com/advisories/54332 http://secunia.com/advisories/54375 http://www.debian.org/security/2013/dsa-2730 http://www.debian.org/security/2013/dsa-2731 http://www.kb.cert.org/vuls/id/976534 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/61464 http://www.ubuntu.com/usn/USN-1923-1

Share on: