CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
debiandebian_linux
6.0
debiandebian_linux
7.0
gnupggnupg
𝑥
≤ 1.4.13
gnupggnupg
0.0.0
gnupggnupg
0.2.15
gnupggnupg
0.2.16
gnupggnupg
0.2.17
gnupggnupg
0.2.18
gnupggnupg
0.2.19
gnupggnupg
0.3.0
gnupggnupg
0.3.1
gnupggnupg
0.3.2
gnupggnupg
0.3.3
gnupggnupg
0.3.4
gnupggnupg
0.3.5
gnupggnupg
0.4.0
gnupggnupg
0.4.1
gnupggnupg
0.4.3
gnupggnupg
0.4.4
gnupggnupg
0.4.5
gnupggnupg
0.9.0
gnupggnupg
0.9.1
gnupggnupg
0.9.2
gnupggnupg
0.9.3
gnupggnupg
0.9.4
gnupggnupg
0.9.5
gnupggnupg
0.9.6
gnupggnupg
0.9.7
gnupggnupg
0.9.8
gnupggnupg
0.9.9
gnupggnupg
0.9.10
gnupggnupg
0.9.11
gnupggnupg
1.0.0
gnupggnupg
1.0.1
gnupggnupg
1.0.2
gnupggnupg
1.0.3
gnupggnupg
1.0.4
gnupggnupg
1.0.4
gnupggnupg
1.0.5
gnupggnupg
1.0.5
gnupggnupg
1.0.6
gnupggnupg
1.0.7
gnupggnupg
1.2.0
gnupggnupg
1.2.1
gnupggnupg
1.2.1:windows
gnupggnupg
1.2.2
gnupggnupg
1.2.3
gnupggnupg
1.2.4
gnupggnupg
1.2.5
gnupggnupg
1.2.6
gnupggnupg
1.2.7
gnupggnupg
1.3.0
gnupggnupg
1.3.1
gnupggnupg
1.3.2
gnupggnupg
1.3.3
gnupggnupg
1.3.4
gnupggnupg
1.3.6
gnupggnupg
1.3.90
gnupggnupg
1.3.91
gnupggnupg
1.3.92
gnupggnupg
1.3.93
gnupggnupg
1.4.0
gnupggnupg
1.4.10
gnupggnupg
1.4.11
gnupggnupg
1.4.12
gnupggnupg
2.0.1
gnupggnupg
2.0.3
gnupggnupg
2.0.4
gnupggnupg
2.0.5
gnupggnupg
2.0.6
gnupggnupg
2.0.7
gnupggnupg
2.0.8
gnupggnupg
2.0.10
gnupggnupg
2.0.11
gnupggnupg
2.0.12
gnupggnupg
2.0.13
gnupggnupg
2.0.14
gnupggnupg
2.0.15
gnupggnupg
2.0.16
gnupggnupg
2.0.17
gnupggnupg
2.0.18
gnupggnupg
2.0.19
gnupglibgcrypt
𝑥
≤ 1.5.2
gnupglibgcrypt
1.4.0
gnupglibgcrypt
1.4.3
gnupglibgcrypt
1.4.4
gnupglibgcrypt
1.4.5
gnupglibgcrypt
1.4.6
gnupglibgcrypt
1.5.0
gnupglibgcrypt
1.5.1
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnupg
raring
Fixed 1.4.12-7ubuntu1.1
released
quantal
Fixed 1.4.11-3ubuntu4.2
released
precise
Fixed 1.4.11-3ubuntu2.3
released
lucid
Fixed 1.4.10-2ubuntu1.3
released
libgcrypt11
raring
Fixed 1.5.0-3ubuntu2.2
released
quantal
Fixed 1.5.0-3ubuntu1.1
released
precise
Fixed 1.5.0-3ubuntu0.2
released
lucid
Fixed 1.4.4-5ubuntu2.2
released
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
http://eprint.iacr.org/2013/448
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
http://rhn.redhat.com/errata/RHSA-2013-1457.html
http://secunia.com/advisories/54318
http://secunia.com/advisories/54321
http://secunia.com/advisories/54332
http://secunia.com/advisories/54375
http://www.debian.org/security/2013/dsa-2730
http://www.debian.org/security/2013/dsa-2731
http://www.kb.cert.org/vuls/id/976534
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/61464
http://www.ubuntu.com/usn/USN-1923-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
http://eprint.iacr.org/2013/448
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
http://rhn.redhat.com/errata/RHSA-2013-1457.html
http://secunia.com/advisories/54318
http://secunia.com/advisories/54321
http://secunia.com/advisories/54332
http://secunia.com/advisories/54375
http://www.debian.org/security/2013/dsa-2730
http://www.debian.org/security/2013/dsa-2731
http://www.kb.cert.org/vuls/id/976534
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/61464
http://www.ubuntu.com/usn/USN-1923-1