Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11387

HistoryJan 15, 2019 - 9:01 a.m.

Information Disclosure

2019-01-1509:01:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

EPSS

0

Percentile

5.3%

libgcrypt is vulnerable to information disclosure attacks. The vulnerability exists as GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880

eprint.iacr.org/2013/448

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html

lists.opensuse.org/opensuse-updates/2013-08/msg00003.html

rhn.redhat.com/errata/RHSA-2013-1457.html

secunia.com/advisories/54318

secunia.com/advisories/54321

secunia.com/advisories/54332

secunia.com/advisories/54375

www.debian.org/security/2013/dsa-2730

www.debian.org/security/2013/dsa-2731

www.kb.cert.org/vuls/id/976534

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/61464

www.ubuntu.com/usn/USN-1923-1

access.redhat.com/security/updates/classification/#moderate

rhn.redhat.com/errata/RHSA-2013-1457.html

EPSS

0

Percentile

5.3%

Related for VERACODE:11387

openvas45 freebsd1 nessus27 amazon2 oraclelinux2 fedora9 redhat3 ubuntu1 debian2 securityvulns3 mageia1 nvd1 f52 ubuntucve1 prion1 cert1 cvelist1 cve1 slackware1 centos2 altlinux1 gentoo1 veracode2 osv1