Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-175-1 gnupg security update
Debian DLA Debian DLA DLA-190-1 libgcrypt11 security update
Debian DSA Debian DSA DSA-3184-1 gnupg security update
Debian DSA Debian DSA DSA-3185-1 libgcrypt11 security update
EUVD EUVD EUVD-2014-3565 Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Ubuntu USN Ubuntu USN USN-2554-1 GnuPG vulnerabilities
Ubuntu USN Ubuntu USN USN-2555-1 Libgcrypt vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00135}

epss

{'score': 0.00141}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T10:50:17.627Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3591

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-29T22:15:11.703

Modified: 2024-11-21T02:08:27.843

Link: CVE-2014-3591

cve-icon Redhat

Severity : Low

Publid Date: 2015-02-27T00:00:00Z

Links: CVE-2014-3591 - Bugzilla

cve-icon OpenCVE Enrichment

No data.