Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
References
Link | Resource |
---|---|
http://www.cs.tau.ac.il/~tromer/radioexp/ | Third Party Advisory |
http://www.debian.org/security/2015/dsa-3184 | Third Party Advisory |
http://www.debian.org/security/2015/dsa-3185 | Third Party Advisory |
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html | Patch Release Notes Vendor Advisory |
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-29T21:02:23
Updated: 2019-11-29T21:02:23
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3591
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-29T22:15:11.703
Modified: 2019-12-05T18:06:49.530
Link: CVE-2014-3591
JSON object: View
Redhat Information
No data.
CWE