CVE-2014-5270 (retired)

Priority
Description
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not
properly perform ciphertext normalization and ciphertext randomization,
which makes it easier for physically proximate attackers to conduct
key-extraction attacks by leveraging the ability to collect voltage data
from exposed metal, a different vector than CVE-2013-4576.
Assigned-to
mdeslaur
Notes
Package
Source: gnupg (LP Ubuntu Debian)
Upstream:released (1.4.16-1)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (1.4.16-1.2ubuntu1)
Patches:
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496
Package
Upstream:released (1.6.0-2)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
More Information

Updated: 2019-10-09 07:50:53 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)