CVE-2014-5270 libgcrypt20

Metadata

low
2.1
libgcrypt20
CVE-2014-5270
2017-06-18 07:04
ALAS-2015-577
CVE-2014-5270 libgcrypt11
CVE-2014-5270 gnupg
CVE-2014-5270
2017-06-16 19:11
2017-04-01 19:11
2017-01-05 20:17

Description

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

Release   Package       Patched in
buster    libgcrypt20   1.6.0-2
jessie    libgcrypt20   1.6.0-2
sid       libgcrypt20   1.6.0-2
stretch   libgcrypt20   1.6.0-2