{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T06:37:48.230","vulnerabilities":[{"cve":{"id":"CVE-2014-3591","sourceIdentifier":"secalert@redhat.com","published":"2019-11-29T22:15:11.703","lastModified":"2024-11-21T02:08:27.843","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."},{"lang":"es","value":"Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, no implementa un blinding de texto cifrado para el desencriptado de Elgamal, lo que permite a atacantes físicamente próximos obtener la clave privada del servidor determinando factores que utilizan texto cifrado y las fluctuaciones en el campo electromagnético durante la multiplicación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.19","matchCriteriaId":"8A7A4C18-6BE6-437E-81AD-C4AD73A78038"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.3","matchCriteriaId":"840D7B26-0812-45F3-803A-B24F7D843364"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.cs.tau.ac.il/~tromer/radioexp/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3184","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3185","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html","source":"secalert@redhat.com","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.cs.tau.ac.il/~tromer/radioexp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2015/dsa-3185","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}