1.9

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

Data is provided by the National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 Update- Editionlts
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
GnupgGnupg Version <= 1.4.13
GnupgGnupg Version0.0.0 Update-
GnupgGnupg Version0.2.15
GnupgGnupg Version0.2.16
GnupgGnupg Version0.2.17
GnupgGnupg Version0.2.18
GnupgGnupg Version0.2.19
GnupgGnupg Version0.3.0
GnupgGnupg Version0.3.1
GnupgGnupg Version0.3.2
GnupgGnupg Version0.3.3
GnupgGnupg Version0.3.4
GnupgGnupg Version0.3.5
GnupgGnupg Version0.4.0
GnupgGnupg Version0.4.1
GnupgGnupg Version0.4.3
GnupgGnupg Version0.4.4
GnupgGnupg Version0.4.5
GnupgGnupg Version0.9.0
GnupgGnupg Version0.9.1
GnupgGnupg Version0.9.2
GnupgGnupg Version0.9.3
GnupgGnupg Version0.9.4
GnupgGnupg Version0.9.5
GnupgGnupg Version0.9.6
GnupgGnupg Version0.9.7
GnupgGnupg Version0.9.8
GnupgGnupg Version0.9.9
GnupgGnupg Version0.9.10
GnupgGnupg Version0.9.11
GnupgGnupg Version1.0.0
GnupgGnupg Version1.0.1
GnupgGnupg Version1.0.2
GnupgGnupg Version1.0.3
GnupgGnupg Version1.0.4
GnupgGnupg Version1.0.4 Update- Editionwin32
GnupgGnupg Version1.0.5
GnupgGnupg Version1.0.5 Update- Editionwin32
GnupgGnupg Version1.0.6
GnupgGnupg Version1.0.7
GnupgGnupg Version1.2.0
GnupgGnupg Version1.2.1
GnupgGnupg Version1.2.1 Updatewindows
GnupgGnupg Version1.2.2
GnupgGnupg Version1.2.3
GnupgGnupg Version1.2.4
GnupgGnupg Version1.2.5
GnupgGnupg Version1.2.6
GnupgGnupg Version1.2.7
GnupgGnupg Version1.3.0
GnupgGnupg Version1.3.1
GnupgGnupg Version1.3.2
GnupgGnupg Version1.3.3
GnupgGnupg Version1.3.4
GnupgGnupg Version1.3.6
GnupgGnupg Version1.3.90
GnupgGnupg Version1.3.91
GnupgGnupg Version1.3.92
GnupgGnupg Version1.3.93
GnupgGnupg Version1.4.0
GnupgGnupg Version1.4.10
GnupgGnupg Version1.4.11
GnupgGnupg Version1.4.12
GnupgGnupg Version2.0.1
GnupgGnupg Version2.0.3
GnupgGnupg Version2.0.4
GnupgGnupg Version2.0.5
GnupgGnupg Version2.0.6
GnupgGnupg Version2.0.7
GnupgGnupg Version2.0.8
GnupgGnupg Version2.0.10
GnupgGnupg Version2.0.11
GnupgGnupg Version2.0.12
GnupgGnupg Version2.0.13
GnupgGnupg Version2.0.14
GnupgGnupg Version2.0.15
GnupgGnupg Version2.0.16
GnupgGnupg Version2.0.17
GnupgGnupg Version2.0.18
GnupgGnupg Version2.0.19
GnupgLibgcrypt Version <= 1.5.2
GnupgLibgcrypt Version1.4.0
GnupgLibgcrypt Version1.4.3
GnupgLibgcrypt Version1.4.4
GnupgLibgcrypt Version1.4.5
GnupgLibgcrypt Version1.4.6
GnupgLibgcrypt Version1.5.0
GnupgLibgcrypt Version1.5.1
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.371
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.