CVE-2014-5270
Description
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.072
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| LGPL Crypto library (USN-2339-2) libgcrypt11_1.5.3-2ubuntu4.2_i386.deb | Linux |
| LGPL Crypto library (USN-2339-2) libgcrypt11_1.5.3-2ubuntu4.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234