1.9

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 Update- Editionlts
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
GnupgGnupg Version <= 1.4.13
GnupgGnupg Version0.0.0 Update-
GnupgGnupg Version0.2.15
GnupgGnupg Version0.2.16
GnupgGnupg Version0.2.17
GnupgGnupg Version0.2.18
GnupgGnupg Version0.2.19
GnupgGnupg Version0.3.0
GnupgGnupg Version0.3.1
GnupgGnupg Version0.3.2
GnupgGnupg Version0.3.3
GnupgGnupg Version0.3.4
GnupgGnupg Version0.3.5
GnupgGnupg Version0.4.0
GnupgGnupg Version0.4.1
GnupgGnupg Version0.4.3
GnupgGnupg Version0.4.4
GnupgGnupg Version0.4.5
GnupgGnupg Version0.9.0
GnupgGnupg Version0.9.1
GnupgGnupg Version0.9.2
GnupgGnupg Version0.9.3
GnupgGnupg Version0.9.4
GnupgGnupg Version0.9.5
GnupgGnupg Version0.9.6
GnupgGnupg Version0.9.7
GnupgGnupg Version0.9.8
GnupgGnupg Version0.9.9
GnupgGnupg Version0.9.10
GnupgGnupg Version0.9.11
GnupgGnupg Version1.0.0
GnupgGnupg Version1.0.1
GnupgGnupg Version1.0.2
GnupgGnupg Version1.0.3
GnupgGnupg Version1.0.4
GnupgGnupg Version1.0.4 Update- Editionwin32
GnupgGnupg Version1.0.5
GnupgGnupg Version1.0.5 Update- Editionwin32
GnupgGnupg Version1.0.6
GnupgGnupg Version1.0.7
GnupgGnupg Version1.2.0
GnupgGnupg Version1.2.1
GnupgGnupg Version1.2.1 Updatewindows
GnupgGnupg Version1.2.2
GnupgGnupg Version1.2.3
GnupgGnupg Version1.2.4
GnupgGnupg Version1.2.5
GnupgGnupg Version1.2.6
GnupgGnupg Version1.2.7
GnupgGnupg Version1.3.0
GnupgGnupg Version1.3.1
GnupgGnupg Version1.3.2
GnupgGnupg Version1.3.3
GnupgGnupg Version1.3.4
GnupgGnupg Version1.3.6
GnupgGnupg Version1.3.90
GnupgGnupg Version1.3.91
GnupgGnupg Version1.3.92
GnupgGnupg Version1.3.93
GnupgGnupg Version1.4.0
GnupgGnupg Version1.4.10
GnupgGnupg Version1.4.11
GnupgGnupg Version1.4.12
GnupgGnupg Version2.0.1
GnupgGnupg Version2.0.3
GnupgGnupg Version2.0.4
GnupgGnupg Version2.0.5
GnupgGnupg Version2.0.6
GnupgGnupg Version2.0.7
GnupgGnupg Version2.0.8
GnupgGnupg Version2.0.10
GnupgGnupg Version2.0.11
GnupgGnupg Version2.0.12
GnupgGnupg Version2.0.13
GnupgGnupg Version2.0.14
GnupgGnupg Version2.0.15
GnupgGnupg Version2.0.16
GnupgGnupg Version2.0.17
GnupgGnupg Version2.0.18
GnupgGnupg Version2.0.19
GnupgLibgcrypt Version <= 1.5.2
GnupgLibgcrypt Version1.4.0
GnupgLibgcrypt Version1.4.3
GnupgLibgcrypt Version1.4.4
GnupgLibgcrypt Version1.4.5
GnupgLibgcrypt Version1.4.6
GnupgLibgcrypt Version1.5.0
GnupgLibgcrypt Version1.5.1
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.407
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
http://eprint.iacr.org/2013/448
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1457.html
http://secunia.com/advisories/54318
Vendor Advisory
http://secunia.com/advisories/54321
Vendor Advisory
http://secunia.com/advisories/54332
Vendor Advisory
http://secunia.com/advisories/54375
Vendor Advisory
http://www.debian.org/security/2013/dsa-2730
http://www.debian.org/security/2013/dsa-2731
http://www.kb.cert.org/vuls/id/976534
US Government Resource
http://www.securityfocus.com/bid/61464
http://www.ubuntu.com/usn/USN-1923-1
Vendor Advisory