Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | libgcrypt | 2015-08-04 17:43 | ALAS-2015-577 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 1.9 | AV:L/AC:M/Au:N/C:P/I:N/A:N |
NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:P/I:N/A:N |