Описание
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.4.16-1.2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 1.4.16-1ubuntu2.1 |
| lucid | released | 1.4.10-2ubuntu1.7 |
| precise | released | 1.4.11-3ubuntu2.7 |
| trusty | not-affected | 1.4.16-1ubuntu2.1 |
| trusty/esm | not-affected | 1.4.16-1ubuntu2.1 |
| upstream | released | 1.4.16-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.5.4-2ubuntu1 |
| esm-infra-legacy/trusty | released | 1.5.3-2ubuntu4.1 |
| lucid | released | 1.4.4-5ubuntu2.3 |
| precise | released | 1.5.0-3ubuntu0.3 |
| trusty | released | 1.5.3-2ubuntu4.1 |
| trusty/esm | released | 1.5.3-2ubuntu4.1 |
| upstream | released | 1.5.4-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1.6.1-2ubuntu1]] |
| lucid | DNE | |
| precise | DNE | |
| trusty | not-affected | 1.6.1-2ubuntu1 |
| trusty/esm | DNE | trusty was not-affected [1.6.1-2ubuntu1] |
| upstream | released | 1.6.0-2 |
Показывать по
EPSS
2.1 Low
CVSS2
Связанные уязвимости
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить конфиденциальность защищаемой информации
EPSS
2.1 Low
CVSS2