CVE-2013-4576
Description
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
Risk Information
Base Score
7.4
MODERATE
Vector
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.108
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.0 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.3 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.4 | Windows |
| Vulnerabilities CVE-2006-6169,CVE-2013-4576 are affected in GnuPG for windows 1.4 | Windows |
| Vulnerabilities CVE-2007-1263,CVE-2013-4351,CVE-2013-4576 are affected in GnuPG for windows 1.4.6 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.8 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.10 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.11 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.12 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.2 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.5 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.0.0 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.0.1 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.0.2 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.0.3 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.0.6 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.0.7 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.0 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.1 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.2 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.3 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.4 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.5 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.6 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.2.7 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.0 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.1 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.2 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.3 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.4 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.6 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.90 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.91 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.92 | Windows |
| Vulnerabilities CVE-2013-4242,CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.3.93 | Windows |
| Multiple Vulnerabilities are affected in GnuPG for windows 1.4.13 | Windows |
| Vulnerabilities CVE-2013-4402,CVE-2013-4576,CVE-2014-4617,CVE-2016-6313 are affected in GnuPG for windows 1.4.14 | Windows |
| Vulnerabilities CVE-2013-4576,CVE-2014-4617 are affected in GnuPG for windows 1.4.15 | Windows |
| (RHSA-2014:0016) Moderate: gnupg security update gnupg-1.4.5-18.el5_10.1.i386.rpm | Linux |
| (RHSA-2014:0016) Moderate: gnupg security update gnupg-1.4.5-18.el5_10.1.x86_64.rpm | Linux |
| CVE-2013-4576 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234