Information disclosure in GNU GnuPG



Published: 2019-11-29 | Updated: 2020-07-17
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2014-3591
CWE-ID CWE-200
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
GnuPG
Client/Desktop applications / Encryption software

Vendor GNU

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU30571

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3591

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

GnuPG: 1.4.0 - 1.4.18

External links

http://www.cs.tau.ac.il/~tromer/radioexp/
http://www.debian.org/security/2015/dsa-3184
http://www.debian.org/security/2015/dsa-3185
http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###