CVE-2013-4242
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
19/08/2013
Last modified:
11/04/2025
Description
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
Impact
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:* | 1.4.13 (including) | |
| cpe:2.3:a:gnupg:gnupg:0.0.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:0.2.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:0.2.16:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:0.2.17:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:0.2.18:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:0.2.19:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:0.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnupg:gnupg:0.3.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
- http://eprint.iacr.org/2013/448
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
- http://rhn.redhat.com/errata/RHSA-2013-1457.html
- http://secunia.com/advisories/54318
- http://secunia.com/advisories/54321
- http://secunia.com/advisories/54332
- http://secunia.com/advisories/54375
- http://www.debian.org/security/2013/dsa-2730
- http://www.debian.org/security/2013/dsa-2731
- http://www.kb.cert.org/vuls/id/976534
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/61464
- http://www.ubuntu.com/usn/USN-1923-1
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
- http://eprint.iacr.org/2013/448
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
- http://rhn.redhat.com/errata/RHSA-2013-1457.html
- http://secunia.com/advisories/54318
- http://secunia.com/advisories/54321
- http://secunia.com/advisories/54332
- http://secunia.com/advisories/54375
- http://www.debian.org/security/2013/dsa-2730
- http://www.debian.org/security/2013/dsa-2731
- http://www.kb.cert.org/vuls/id/976534
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/61464
- http://www.ubuntu.com/usn/USN-1923-1