Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4242

Опубликовано: 19 авг. 2013
Источник: nvd
CVSS2: 1.9
EPSS Низкий

Описание

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*
Версия до 1.4.13 (включая)
cpe:2.3:a:gnupg:gnupg:0.0.0:-:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.2.19:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*
Версия до 1.5.2 (включая)
cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

EPSS

Процентиль: 27%
0.0009
Низкий

1.9 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu
почти 12 лет назад

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

redhat
около 12 лет назад

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

debian
почти 12 лет назад

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...

github
больше 3 лет назад

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

oracle-oval
почти 12 лет назад

ELSA-2013-1457: libgcrypt security update (MODERATE)

EPSS

Процентиль: 27%
0.0009
Низкий

1.9 Low

CVSS2

Дефекты

CWE-200