← back
CVE-2013-4242

CVE-2013-4242

EPSS 0.5%
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880http://eprint.iacr.org/2013/448http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.htmlhttp://lists.opensuse.org/opensuse-updates/2013-08/msg00003.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1457.htmlhttp://secunia.com/advisories/54318http://secunia.com/advisories/54321http://secunia.com/advisories/54332http://secunia.com/advisories/54375http://www.debian.org/security/2013/dsa-2730http://www.debian.org/security/2013/dsa-2731