ID CVE-2013-4576
Summary GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
References
Vulnerable Configurations
  • cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:0.9.11:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:0.9.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.1.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.1.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.1.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.1.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.1.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.1.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
bugzilla
id 1043327
title CVE-2013-4576 gnupg: RSA secret key recovery via acoustic cryptanalysis
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • comment gnupg is earlier than 0:1.4.5-18.el5_10.1
    oval oval:com.redhat.rhsa:tst:20140016002
  • comment gnupg is signed with Red Hat redhatrelease key
    oval oval:com.redhat.rhsa:tst:20070107003
rhsa
id RHSA-2014:0016
released 2014-01-08
severity Moderate
title RHSA-2014:0016: gnupg security update (Moderate)
rpms gnupg-0:1.4.5-18.el5_10.1
refmap via4
bid 64424
debian DSA-2821
misc
mlist
  • [gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released
  • [oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)
  • [oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)
osvdb 101170
sectrack 1029513
ubuntu USN-2059-1
xf gunpg-cve20134576-info-disclosure(89846)
Last major update 29-08-2017 - 01:33
Published 20-12-2013 - 21:55
Back to Top